当前位置:网站首页>记一次api接口SQL注入实战
记一次api接口SQL注入实战
2022-07-06 09:22:00 【又懒有菜】
目录
0x01 思路:google hacking语法asmx?wsdl
指导 某迪导师
0x01 思路:google hacking语法asmx?wsdl
点击url:domain/WebServices/InboxWS.asmx
0x02 发现两个接口 并且能够异地调用
火狐中抓包
测试
0x03 抓包repeat判断
四个参数加 ' 报nynax错误 由此推断可能存在sql注入
最后用sqlmap跑出sqlserver数据库 延时注入
这里由于接近12点接口服务不稳定 先就搞到这里
0x04 暴库
sqlmap语法
python sqlmap.py -r 1.txt --batch
python sqlmap.py -r 1.txt --dbs --batch
点到为止
边栏推荐
- 记一次猫舍由外到内的渗透撞库操作提取-flag
- Implementation principle of automatic capacity expansion mechanism of ArrayList
- 7-8 7104 约瑟夫问题(PTA程序设计)
- Relationship between hashcode() and equals()
- 实验五 类和对象
- Have you encountered ABA problems? Let's talk about the following in detail, how to avoid ABA problems
- Thoroughly understand LRU algorithm - explain 146 questions in detail and eliminate LRU cache in redis
- HackMyvm靶機系列(3)-visions
- FAQs and answers to the imitation Niuke technology blog project (I)
- TypeScript快速入门
猜你喜欢
深度强化文献阅读系列(一):Courier routing and assignment for food delivery service using reinforcement learning
撲克牌遊戲程序——人機對抗
强化学习系列(一):基本原理和概念
QT meta object qmetaobject indexofslot and other functions to obtain class methods attention
2. First knowledge of C language (2)
![[au cours de l'entrevue] - Comment expliquer le mécanisme de transmission fiable de TCP](/img/d6/109042b77de2f3cfbf866b24e89a45.png)
[au cours de l'entrevue] - Comment expliquer le mécanisme de transmission fiable de TCP
![[VMware abnormal problems] problem analysis & Solutions](/img/64/f44864da600b61a1a646a5865a2083.jpg)
[VMware abnormal problems] problem analysis & Solutions
强化学习基础记录
HackMyvm靶机系列(7)-Tron
7-7 7003 combination lock (PTA program design)
随机推荐
中间件漏洞复现—apache
7-5 staircase upgrade (PTA program design)
实验九 输入输出流(节选)
Harmonyos JS demo application development
Experiment 7 use of common classes
Brief introduction to XHR - basic use of XHR
【Numpy和Pytorch的数据处理】
实验八 异常处理
QT meta object qmetaobject indexofslot and other functions to obtain class methods attention
[hand tearing code] single case mode and producer / consumer mode
7-9 make house number 3.0 (PTA program design)
Wechat applet
Hackmyvm target series (7) -tron
String ABC = new string ("ABC"), how many objects are created
Which is more advantageous in short-term or long-term spot gold investment?
Experiment five categories and objects
Safe driving skills on ice and snow roads
【MySQL-表结构与完整性约束的修改(ALTER)】
1. Preliminary exercises of C language (1)
xray与burp联动 挖掘