blind_injection

平台   MISC   已通过

题目作者: valecalida

一　　血: ‌‌‌‌‌‌‌‌‌‌‬‌‌

一血奖励: 2金币

解　　决: 2288

提　　示:

描　　述: 记得加上flag{}格式哟

附　　件: 下载

站长题解:

#文件流过滤目标类型：
#?id=1'%20and%20substr((select%20group_concat(table_name)%20from%20information_schema.tables%20where%20table_schema=database()),52,1)='f'%20--+ HTTP/1.1
 
 
 
import re
 
#用列表存放过滤出来的http请求
text=[]
 
with open(r"cap.pcap","rb") as f:
    for i in f.readlines():
        if b"?id=1'%20and%20substr((select%20group_concat(table_name)%20from%20information_schema.tables%20where%20table_schema=database())" in i:
            text.append(i.strip())
f.close()
 
#利用字典配合正则提取正确盲注的字符
flag={}
for i in text:
    try :
        num = int(re.search(br"database\(\)\),(\d+),1\)",i).group(1).decode())      #匹配序号
        str = re.search(br"1\)='(.|\n)'%20--\+ HTTP/1.1",i).group(1).decode()       #匹配字符
        flag[num] = str                                                             #过滤错误的字符
    except:
        pass
 
#输出
for i in flag.values():
    print(i, end="")

去做题