当前位置:网站首页>记一次api接口SQL注入实战
记一次api接口SQL注入实战
2022-07-06 09:22:00 【又懒有菜】
目录
0x01 思路:google hacking语法asmx?wsdl
指导 某迪导师
0x01 思路:google hacking语法asmx?wsdl
点击url:domain/WebServices/InboxWS.asmx
0x02 发现两个接口 并且能够异地调用
火狐中抓包
测试
0x03 抓包repeat判断
四个参数加 ' 报nynax错误 由此推断可能存在sql注入
最后用sqlmap跑出sqlserver数据库 延时注入
这里由于接近12点接口服务不稳定 先就搞到这里
0x04 暴库
sqlmap语法
python sqlmap.py -r 1.txt --batch
python sqlmap.py -r 1.txt --dbs --batch
点到为止
边栏推荐
- A piece of music composed by buzzer (Chengdu)
- HackMyvm靶机系列(1)-webmaster
- 撲克牌遊戲程序——人機對抗
- 7-4 hash table search (PTA program design)
- Using spacedesk to realize any device in the LAN as a computer expansion screen
- 7-1 输出2到n之间的全部素数(PTA程序设计)
- [hand tearing code] single case mode and producer / consumer mode
- Have you encountered ABA problems? Let's talk about the following in detail, how to avoid ABA problems
- 强化学习系列(一):基本原理和概念
- Analysis of penetration test learning and actual combat stage
猜你喜欢
Hackmyvm target series (6) -videoclub
撲克牌遊戲程序——人機對抗
Principles, advantages and disadvantages of two persistence mechanisms RDB and AOF of redis
![[hand tearing code] single case mode and producer / consumer mode](/img/b3/243843baaf0d16edeab09142b4ac09.png)
[hand tearing code] single case mode and producer / consumer mode
SRC挖掘思路及方法
强化學習基礎記錄
A piece of music composed by buzzer (Chengdu)
使用Spacedesk实现局域网内任意设备作为电脑拓展屏
3. Input and output functions (printf, scanf, getchar and putchar)
Meituan dynamic thread pool practice ideas, open source
随机推荐
7-9 make house number 3.0 (PTA program design)
js判断对象是否是数组的几种方式
[modern Chinese history] Chapter 6 test
Using spacedesk to realize any device in the LAN as a computer expansion screen
记一次猫舍由外到内的渗透撞库操作提取-flag
Force deduction 152 question multiplier maximum subarray
Mode 1 two-way serial communication is adopted between machine a and machine B, and the specific requirements are as follows: (1) the K1 key of machine a can control the ledi of machine B to turn on a
Experiment 4 array
7-5 走楼梯升级版(PTA程序设计)
实验四 数组
[three paradigms of database] you can understand it at a glance
Hackmyvm target series (5) -warez
Spot gold prices rose amid volatility, and the rise in U.S. prices is likely to become the key to the future
强化學習基礎記錄
强化学习基础记录
使用Spacedesk实现局域网内任意设备作为电脑拓展屏
[modern Chinese history] Chapter 9 test
[insert, modify and delete data in the headsong educator data table]
7-8 7104 约瑟夫问题(PTA程序设计)
Package bedding of components