当前位置:网站首页>记一次api接口SQL注入实战
记一次api接口SQL注入实战
2022-07-06 09:22:00 【又懒有菜】
目录
0x01 思路:google hacking语法asmx?wsdl
指导 某迪导师
0x01 思路:google hacking语法asmx?wsdl
点击url:domain/WebServices/InboxWS.asmx
0x02 发现两个接口 并且能够异地调用
火狐中抓包
测试
0x03 抓包repeat判断
四个参数加 ' 报nynax错误 由此推断可能存在sql注入
最后用sqlmap跑出sqlserver数据库 延时注入
这里由于接近12点接口服务不稳定 先就搞到这里
0x04 暴库
sqlmap语法
python sqlmap.py -r 1.txt --batch
python sqlmap.py -r 1.txt --dbs --batch
点到为止
边栏推荐
猜你喜欢
自定义RPC项目——常见问题及详解(注册中心)
深度强化文献阅读系列(一):Courier routing and assignment for food delivery service using reinforcement learning
HackMyvm靶機系列(3)-visions
HackMyvm靶机系列(2)-warrior
3. Input and output functions (printf, scanf, getchar and putchar)
The difference between cookies and sessions
1143_ SiCp learning notes_ Tree recursion
SRC mining ideas and methods
Poker game program - man machine confrontation
MySQL lock summary (comprehensive and concise + graphic explanation)
随机推荐
Brief introduction to XHR - basic use of XHR
[面試時]——我如何講清楚TCP實現可靠傳輸的機制
MySQL lock summary (comprehensive and concise + graphic explanation)
[data processing of numpy and pytoch]
Leetcode. 3. Longest substring without repeated characters - more than 100% solution
Get started with typescript
Thoroughly understand LRU algorithm - explain 146 questions in detail and eliminate LRU cache in redis
Mixlab unbounded community white paper officially released
Differences among fianl, finally, and finalize
HackMyvm靶机系列(6)-videoclub
QT meta object qmetaobject indexofslot and other functions to obtain class methods attention
【数据库 三大范式】一看就懂
3. Input and output functions (printf, scanf, getchar and putchar)
Read only error handling
Simply understand the promise of ES6
It's never too late to start. The tramp transformation programmer has an annual salary of more than 700000 yuan
强化學習基礎記錄
7-1 输出2到n之间的全部素数(PTA程序设计)
Reinforcement learning series (I): basic principles and concepts
Canvas foundation 2 - arc - draw arc