Commit dd982a9

Update blindsql2.md
When a special character like '@' is in the flag, the original exploit will go wrong. It's better to use 'string.printable' instead of "string.ascii_letters + string.digits + ',_-{}'".
1 parent d41ffd6 commit dd982a9

1 file changed

+1
-1
lines changed

docs/wp/2024/week4/web/blindsql2.md

Lines changed: 1 addition & 1 deletion
@@ -84,7 +84,7 @@ url = 'http://ip:port'
8484
result = ''
8585
for i in range(1,100):
8686
print(f'[+] bruting at {i}')
87-
for c in string.ascii_letters + string.digits + ',_-{}':
87+
for c in string.printable: # 由于 flag 中可能会出现除 {}_-, 之外的字符,如 @,故使用 printable 字符表更加合适。
8888
time.sleep(0.01) # 限制速率,防止请求过快
8989

9090
print('[+] trying:', c)
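
Review bot: On the changed `for c in string.printable:` line, the new alphabet also pulls in the six whitespace characters at the end of `string.printable` (space, `\t`, `\n`, `\r`, `\x0b`, `\x0c`) together with quote, backslash, `%` and `_`, and this hunk does not show how `c` is placed into the request. If `c` is interpolated as a literal, those characters can change the meaning of the comparison instead of being tested by it, so either compare by `ord(c)` or narrow the alphabet to `string.digits + string.ascii_letters + string.punctuation`. The explanatory comment is also long for an inline comment; putting it on its own line above the loop would keep the statement readable.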
