当前位置:网站首页>记一次api接口SQL注入实战
记一次api接口SQL注入实战
2022-07-06 09:22:00 【又懒有菜】
目录
0x01 思路:google hacking语法asmx?wsdl
指导 某迪导师
0x01 思路:google hacking语法asmx?wsdl
点击url:domain/WebServices/InboxWS.asmx
0x02 发现两个接口 并且能够异地调用
火狐中抓包
测试
0x03 抓包repeat判断
四个参数加 ' 报nynax错误 由此推断可能存在sql注入
最后用sqlmap跑出sqlserver数据库 延时注入
这里由于接近12点接口服务不稳定 先就搞到这里
0x04 暴库
sqlmap语法
python sqlmap.py -r 1.txt --batch
python sqlmap.py -r 1.txt --dbs --batch
点到为止
边栏推荐
- 7-6 local minimum of matrix (PTA program design)
- 强化学习基础记录
- 实验六 继承和多态
- JS several ways to judge whether an object is an array
- Mixlab unbounded community white paper officially released
- Hackmyvm target series (6) -videoclub
- Hackmyvm Target Series (3) - vues
- Record a penetration of the cat shed from outside to inside. Library operation extraction flag
- 【MySQL数据库的学习】
- 强化學習基礎記錄
猜你喜欢
Poker game program - man machine confrontation
深度强化文献阅读系列(一):Courier routing and assignment for food delivery service using reinforcement learning
Middleware vulnerability recurrence Apache
Read only error handling
Nuxtjs quick start (nuxt2)
Renforcer les dossiers de base de l'apprentissage
强化学习基础记录
Differences among fianl, finally, and finalize
Custom RPC project - frequently asked questions and explanations (Registration Center)
![[during the interview] - how can I explain the mechanism of TCP to achieve reliable transmission](/img/d6/109042b77de2f3cfbf866b24e89a45.png)
[during the interview] - how can I explain the mechanism of TCP to achieve reliable transmission
随机推荐
【头歌educoder数据表中数据的插入、修改和删除】
TypeScript快速入门
Experiment 7 use of common classes
Why use redis
HackMyvm靶机系列(1)-webmaster
7-15 h0161. Find the greatest common divisor and the least common multiple (PTA program design)
Canvas foundation 2 - arc - draw arc
HackMyvm靶机系列(2)-warrior
【Numpy和Pytorch的数据处理】
实验八 异常处理
7-4 hash table search (PTA program design)
Differences among fianl, finally, and finalize
使用Spacedesk实现局域网内任意设备作为电脑拓展屏
Poker game program - man machine confrontation
Hackmyvm target series (6) -videoclub
(original) make an electronic clock with LCD1602 display to display the current time on the LCD. The display format is "hour: minute: Second: second". There are four function keys K1 ~ K4, and the fun
The United States has repeatedly revealed that the yield of interest rate hiked treasury bonds continued to rise
1143_ SiCp learning notes_ Tree recursion
强化学习系列(一):基本原理和概念
FAQs and answers to the imitation Niuke technology blog project (I)