当前位置:网站首页>记一次api接口SQL注入实战
记一次api接口SQL注入实战
2022-07-06 09:22:00 【又懒有菜】
目录
0x01 思路:google hacking语法asmx?wsdl
指导 某迪导师
0x01 思路:google hacking语法asmx?wsdl
点击url:domain/WebServices/InboxWS.asmx
0x02 发现两个接口 并且能够异地调用
火狐中抓包
测试
0x03 抓包repeat判断
四个参数加 ' 报nynax错误 由此推断可能存在sql注入
最后用sqlmap跑出sqlserver数据库 延时注入
这里由于接近12点接口服务不稳定 先就搞到这里
0x04 暴库
sqlmap语法
python sqlmap.py -r 1.txt --batch
python sqlmap.py -r 1.txt --dbs --batch
点到为止
边栏推荐
- [modern Chinese history] Chapter V test
- MySQL lock summary (comprehensive and concise + graphic explanation)
- Miscellaneous talk on May 27
- 7-4 hash table search (PTA program design)
- Experiment five categories and objects
- 1. Preliminary exercises of C language (1)
- 2. First knowledge of C language (2)
- 7-11 mechanic mustadio (PTA program design)
- 7-8 7104 Joseph problem (PTA program design)
- [insert, modify and delete data in the headsong educator data table]
猜你喜欢
Hackmyvm target series (7) -tron
Hackmyvm target series (3) -visions
Record a penetration of the cat shed from outside to inside. Library operation extraction flag
1. Preliminary exercises of C language (1)
2. First knowledge of C language (2)
Using spacedesk to realize any device in the LAN as a computer expansion screen
3. Input and output functions (printf, scanf, getchar and putchar)
FAQs and answers to the imitation Niuke technology blog project (III)
SRC挖掘思路及方法
强化学习系列(一):基本原理和概念
随机推荐
The difference between overloading and rewriting
强化学习基础记录
Custom RPC project - frequently asked questions and explanations (Registration Center)
实验八 异常处理
.Xmind文件如何上传金山文档共享在线编辑?
强化学习基础记录
TypeScript快速入门
About the parental delegation mechanism and the process of class loading
渗透测试学习与实战阶段分析
Package bedding of components
强化学习基础记录
Read only error handling
1. Preliminary exercises of C language (1)
【Numpy和Pytorch的数据处理】
深度强化文献阅读系列(一):Courier routing and assignment for food delivery service using reinforcement learning
The United States has repeatedly revealed that the yield of interest rate hiked treasury bonds continued to rise
A comprehensive summary of MySQL transactions and implementation principles, and no longer have to worry about interviews
Interpretation of iterator related "itertools" module usage
2. First knowledge of C language (2)
Which is more advantageous in short-term or long-term spot gold investment?