Sqqyw (indifferent dot icon system) vulnerability reproduction and 74cms vulnerability reproduction
2022-07-06 14:11:00 【Unknown white hat】
Contents
1. sqqyw (indifferent dot icon system)
Enable the regular expression and case-insensitive options
View the contents of the file that contains the variable id
Run a global search for the ywX function that defines ID
View the contents of the file that contains the ywX function
Run a full-text search on the text obtained
Trace sohuquan through the full source
Judge the response with time-based blind injection
Inject with the sqlmap tool
2. 74cms vulnerability reproduction
Once more, continue to save and monitor
sqqyw (indifferent dot icon system)
Global keyword search
Search for select
The search finds select, but these hits are not the select of an SQL statement; they are select tags in the markup.
Enable the regular expression and case-insensitive options
View the contents of the file that contains the variable id
If the text is garbled, change the encoding; try switching between GBK and UTF-8.
Run a global search for the ywX function that defines ID
View the contents of the file that contains the ywX function
Open the /php/v144.php page
Run a full-text search on the text obtained
Check whether domain is in sohuquan
Trace sohuquan through the full source
Get the address of your website
Trace domain through the full source
Modify the source address
id=1
Continue searching the text
Make api==ok, with u, p and id not empty.
Bypass the check
The statement is executed
Judge the response with time-based blind injection
Because sleep(3) in the statement was executed three times, the delay is 9 s.
So this is the injection point.
Inject with the sqlmap tool
python sqlmap.py -u "http://localhost/sqqyw/php/v144.php?api=ok&u=1&p=1&id=1" --batch -p "id" --current-db
74cms vulnerability reproduction
Conditions for exploiting second-order injection:
insert and update
Controllable variables
Enter the member center
Sign in / register
Create a new resume
Turn on MySQL monitoring
Set a breakpoint, then update
Save and monitor
The update statement here is unrelated to the data we inserted. We did not write the value in the update ourselves; it is the number the system matched for the corresponding field, so it cannot be used.
Continue to save and monitor
The data in the insert is what we selected, not what we typed in, so it cannot be used.
Again, save and monitor
This one is updated directly with update, with no insert, so it cannot be used either.
Once more, continue to save and monitor
Here there are both insert and update, and the variables are controllable.
So we can query the user name through second-order injection.
Filtering at insert time has little effect, as long as there is no filtering when the update runs.
Resume management
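The two conditions above (an insert followed by an update, with a controllable variable) and the point that filtering at insert time does not help when the update is unfiltered, shown as an added example that is not code from the original post or from 74cms. It uses Python with an in-memory SQLite database rather than PHP and MySQL; the tables, columns, function names and the stored test value are all hypothetical.

```python
import sqlite3

def new_db():
    """Constructed schema; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE resume (id INTEGER PRIMARY KEY, uid INTEGER, fullname TEXT);
        CREATE TABLE member (uid INTEGER PRIMARY KEY, username TEXT, realname TEXT);
        INSERT INTO member VALUES (2, 'alice', '');
    """)
    return db

def insert_resume(db, uid, fullname):
    # First request: quotes are escaped before concatenation, so this
    # statement is well-formed, but the database stores the raw text again.
    escaped = fullname.replace("'", "''")
    db.execute(f"INSERT INTO resume (uid, fullname) VALUES ({int(uid)}, '{escaped}')")

def sync_name_unsafe(db, uid):
    # Later request: the stored value is treated as trusted and is
    # concatenated into the UPDATE without any escaping.
    (name,) = db.execute("SELECT fullname FROM resume WHERE uid = ?", (uid,)).fetchone()
    db.execute(f"UPDATE member SET realname = '{name}' WHERE uid = {int(uid)}")

def sync_name_safe(db, uid):
    # Same flow, but the stored value is bound as a parameter, so it can
    # only ever be data for the realname column.
    (name,) = db.execute("SELECT fullname FROM resume WHERE uid = ?", (uid,)).fetchone()
    db.execute("UPDATE member SET realname = ? WHERE uid = ?", (name, uid))

def run(sync, fullname):
    """Insert a resume, run the given update step, return (username, realname)."""
    db = new_db()
    insert_resume(db, 2, fullname)
    sync(db, 2)
    return db.execute("SELECT username, realname FROM member WHERE uid = 2").fetchone()

# Constructed test value: harmless at insert time, changes the UPDATE later.
STORED = "x', username = 'changed"

if __name__ == "__main__":
    print("unsafe:", run(sync_name_unsafe, STORED))
    print("safe:  ", run(sync_name_safe, STORED))
```

The fix belongs at the statement that reuses the stored value: every query that reads data back from the database and builds SQL with it needs parameter binding, regardless of how the value was filtered when it was first saved.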