Notes from a real-world SQL injection against an API endpoint
2022-07-06 09:22:00 【又懒有菜】
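Guidance: instructor 某迪
0x01 Approach: Google hacking syntax asmx?wsdl
Open the URL: domain/WebServices/InboxWS.asmx
0x02 Two interfaces found, both callable remotely
Capture the request in Firefox
Test
0x03 Capture the request, replay it, and assess
Appending ' to each of the four parameters returns a syntax error, which suggests a possible SQL injection
Finally, sqlmap identified the database as SQL Server, with time-based (delay) injection
It was close to 12 o'clock and the interface service was unstable, so I stopped here for now
0x04 Enumerating the databases
sqlmap syntax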
python sqlmap.py -r 1.txt --batch
python sqlmap.py -r 1.txt --dbs --batch
Stopping here; that is as far as this goes.
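The probing in 0x03 leaves a recognizable trail on the server side: a burst of error responses from the quote tests, then a run of delayed responses from the time-based checks. The following is an added example, not part of the original post, that flags that pattern in IIS W3C logs. It assumes the listed log fields are enabled and that the syntax errors surface as HTTP 500; the function names, thresholds and sample log lines are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in IIS W3C extended log format (not from the original post).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem c-ip cs(User-Agent) sc-status time-taken
2022-07-05 23:40:01 POST /WebServices/InboxWS.asmx 203.0.113.7 Mozilla/5.0 200 112
2022-07-05 23:40:09 POST /WebServices/InboxWS.asmx 203.0.113.7 Mozilla/5.0 500 95
2022-07-05 23:40:15 POST /WebServices/InboxWS.asmx 203.0.113.7 Mozilla/5.0 500 88
2022-07-05 23:40:21 POST /WebServices/InboxWS.asmx 203.0.113.7 Mozilla/5.0 500 91
2022-07-05 23:41:02 POST /WebServices/InboxWS.asmx 203.0.113.7 Mozilla/5.0 500 102
2022-07-05 23:42:10 POST /WebServices/InboxWS.asmx 203.0.113.7 Mozilla/5.0 200 5104
2022-07-05 23:42:18 POST /WebServices/InboxWS.asmx 203.0.113.7 Mozilla/5.0 200 5098
2022-07-05 23:42:25 POST /WebServices/InboxWS.asmx 203.0.113.7 Mozilla/5.0 200 5120
2022-07-05 23:43:00 POST /WebServices/InboxWS.asmx 198.51.100.20 Mozilla/5.0 200 130
2022-07-05 23:43:30 POST /WebServices/InboxWS.asmx 198.51.100.20 Mozilla/5.0 500 140
2022-07-05 23:44:00 GET /reports/export.aspx 198.51.100.20 Mozilla/5.0 200 7300
"""

def parse_w3c(text):
    """Yield one dict per request, taking column names from the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def suspect_clients(text, slow_ms=5000, min_errors=3, min_slow=3):
    """Return {client_ip: (error_count, slow_count)} for clients whose .asmx
    traffic shows both repeated HTTP 500s and repeated delayed responses.
    The thresholds are assumptions; tune them against the service's baseline."""
    stats = defaultdict(lambda: [0, 0])
    for req in parse_w3c(text):
        if not req.get("cs-uri-stem", "").lower().endswith(".asmx"):
            continue
        entry = stats[req.get("c-ip", "-")]
        if req.get("sc-status") == "500":
            entry[0] += 1
        taken = req.get("time-taken", "")
        if taken.isdigit() and int(taken) >= slow_ms:
            entry[1] += 1
    return {ip: tuple(c) for ip, c in stats.items()
            if c[0] >= min_errors and c[1] >= min_slow}

if __name__ == "__main__":
    print(suspect_clients(SAMPLE_LOG))
```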