1.打开日志文件发现又是一道二分法盲注流量,观察任意几条:
分析过程:
当状态码为200的时候,表示条件成立;返回404则表示报错。所以第21位大于101成立,大于102报错,所以正确字符为101,所以盲注出来的字符串应该是状态码等于200时的字符,或等于404时的ascii码减去1
2.根据以上分析写出脚本:
import urllib.parse
import requests,re
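# Shape of the request this script looks for, after two rounds of URL
# decoding (the payload in the log is double-encoded):
#   ... flag_is_here ORDER BY flag LIMIT 0,1),22,1))>96 AND 'RCKM'='RCKM&Submit=Submit HTTP/1.1" 200 ...
# group(1) = character position, group(2) = ASCII value the character was
# compared against, group(3) = HTTP status code the server answered with.
# The pattern is bound to this particular log; other logs need a new one.
_PROBE_RE = re.compile(
    r'''flag_is_here ORDER BY flag LIMIT 0,1\),(.*?),1\)\)>(.*?) AND 'RCKM'='RCKM&Submit=Submit HTTP/1.1" (.*?) '''
)

LOG_PATH = '日志里的秘密.log'


def parse_probe(line):
    """Decode one log line and return (position, ascii_value, status).

    Args:
        line: one raw line of the access log.

    Returns:
        A tuple of three ints, or None when the line holds no
        ``flag_is_here ... >N`` probe.
    """
    # Decoded twice on purpose: the injected payload was URL-encoded twice.
    request = urllib.parse.unquote(urllib.parse.unquote(line))
    match = _PROBE_RE.search(request)
    if not match:
        return None
    return int(match.group(1)), int(match.group(2)), int(match.group(3))


def recover_flag(lines, *, verbose=True):
    """Rebuild the exfiltrated string from the probes in *lines*.

    Every probe asks "is the character at position P greater than V?".
    A 200 answer means yes, so the character is at least V + 1; a 404
    answer means no, so the character is at most V. A later probe for the
    same position overwrites an earlier one; assuming the attacker ran an
    ordinary binary search, its last probe for a position is adjacent to
    the true value, so the last write wins. Other status codes are ignored.

    Args:
        lines: iterable of log lines (an open file object works).
        verbose: print ``status : value`` for every matched probe, as the
            original script did.

    Returns:
        The recovered string, positions ordered numerically rather than by
        the order in which they appear in the log. Empty when no probe
        matched.
    """
    flag_ascii = {}
    for line in lines:
        if len(line) <= 2:  # blank / separator lines carry no request
            continue
        probe = parse_probe(line)
        if probe is None:
            continue
        position, value, status = probe
        if verbose:
            print(status, ':', value)
        if status == 200:
            flag_ascii[position] = value + 1
        elif status == 404:
            flag_ascii[position] = value
    return ''.join(chr(flag_ascii[pos]) for pos in sorted(flag_ascii))


if __name__ == '__main__':
    # errors='ignore' drops bytes that are not valid gb18030 instead of
    # aborting the whole run on one bad line.
    with open(LOG_PATH, 'r', encoding='gb18030', errors='ignore') as log:
        print(recover_flag(log))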