From a7deb8587c66c615566611b5cd3c3f3fe8a48be3 Mon Sep 17 00:00:00 2001 From: Swissky Date: Sat, 22 Jun 2019 15:20:34 +0200 Subject: [PATCH] python -> js --- _posts/2019-6-22-HIP19-MeetYourDoctor.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/_posts/2019-6-22-HIP19-MeetYourDoctor.md b/_posts/2019-6-22-HIP19-MeetYourDoctor.md index b2e91c3..6e3f83c 100755 --- a/_posts/2019-6-22-HIP19-MeetYourDoctor.md +++ b/_posts/2019-6-22-HIP19-MeetYourDoctor.md @@ -170,7 +170,7 @@ The injection worked, now we can re-use the payload from the challenge #2 and ex Obviously we scripted the data extraction in Python, the script below will get the last flag : `4f537c0a-7da6-4acc-81e1-8c33c02ef3b`. -```python +{% highlight javascript %} def blind_nosql(URL): data = "" data_size = 35 @@ -183,7 +183,7 @@ def blind_nosql(URL): if r.json()['data']['doctors'] != []: data += c print("\033[92m[+] Data found:\033[0m {}".format(data)) -``` +{% endhighlight %} At that time we were checking if the content of `r.json()['data']['doctors']` was not empty, in order to abstract the data extraction we now take a check input from the user in order to compare the output.