A hands-on record of SQL injection in an API interface
2022-07-06 09:22:00 【又懒有菜】
Guidance: instructor 某迪
0x01 Approach: Google hacking syntax asmx?wsdl
Open the URL: domain/WebServices/InboxWS.asmx

0x02 Two interfaces found, and they can be invoked remotely

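Capture the request in Firefox
Test
0x03 Replay the captured request (repeat) to check
Appending ' to each of the four parameters returns a syntax error, which suggests a possible SQL injection.
Finally, sqlmap identified a SQL Server database with time-based (delay) injection.
It was close to 12 o'clock and the interface service was unstable, so I stopped here for now.
0x04 Enumerating the databases
sqlmap commands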
python sqlmap.py -r 1.txt --batch
python sqlmap.py -r 1.txt --dbs --batch
That is as far as I went.
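A defender-side view of the activity described above, as an added example that is not part of the original post: quote probing followed by time-based injection against an ASMX endpoint tends to appear in IIS W3C logs as a cluster of HTTP 500 responses and then responses delayed by a fixed interval. The log lines, client addresses, thresholds and function names are constructed assumptions, as is the premise that the service returns SOAP faults as HTTP 500.

```python
from collections import defaultdict

# Constructed IIS W3C excerpt (not from the original post); the client
# addresses are documentation ranges and time-taken is in milliseconds.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem c-ip sc-status time-taken
2024-01-01 23:31:02 POST /WebServices/InboxWS.asmx 198.51.100.20 200 46
2024-01-01 23:31:09 POST /WebServices/InboxWS.asmx 198.51.100.20 500 61
2024-01-01 23:40:11 POST /WebServices/InboxWS.asmx 203.0.113.7 500 58
2024-01-01 23:40:12 POST /WebServices/InboxWS.asmx 203.0.113.7 500 55
2024-01-01 23:40:13 POST /WebServices/InboxWS.asmx 203.0.113.7 500 60
2024-01-01 23:40:14 POST /WebServices/InboxWS.asmx 203.0.113.7 500 57
2024-01-01 23:41:30 POST /WebServices/InboxWS.asmx 203.0.113.7 200 5043
2024-01-01 23:41:31 POST /WebServices/InboxWS.asmx 203.0.113.7 200 49
2024-01-01 23:41:36 POST /WebServices/InboxWS.asmx 203.0.113.7 200 5051
2024-01-01 23:41:42 POST /WebServices/InboxWS.asmx 203.0.113.7 200 5047
2024-01-01 23:42:00 GET /WebServices/InboxWS.asmx 198.51.100.20 200 12
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def suspicious_clients(text, delay_ms=5000, min_hits=3):
    """Flag (client, endpoint) pairs with repeated SOAP faults or fixed delays.

    delay_ms=5000 matches sqlmap's default --time-sec of 5 seconds;
    min_hits is an assumed threshold to tune against normal traffic.
    """
    stats = defaultdict(lambda: {"total": 0, "faults": 0, "delayed": 0})
    for row in parse_w3c(text):
        if row["cs-method"] != "POST":
            continue  # ASMX SOAP calls arrive as POST
        if not row["cs-uri-stem"].lower().endswith(".asmx"):
            continue
        s = stats[(row["c-ip"], row["cs-uri-stem"])]
        s["total"] += 1
        s["faults"] += row["sc-status"] == "500"            # SOAP fault on broken SQL
        s["delayed"] += int(row["time-taken"]) >= delay_ms  # injected delay fired
    return {k: s for k, s in stats.items()
            if s["faults"] >= min_hits or s["delayed"] >= min_hits}

if __name__ == "__main__":
    for (ip, uri), s in suspicious_clients(SAMPLE_LOG).items():
        print(ip, uri, s)
```

Because `sqlmap -r` replays the headers of the captured request, the User-Agent in these logs would be the browser's, so the status and timing pattern is the more dependable signal.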