当前位置:网站首页>Sqli-libs range 23-24 filtration and secondary injection practice
Sqli-libs range 23-24 filtration and secondary injection practice
2022-06-11 05:57:00 【MajorTom0】
Less-23
Get Type single quotation mark error injection
Input filtered -- # And replace it with empty , So use single quotation marks to close
http://127.0.0.1/sql/Less-23/?id=1' and 1='1
Search directly for known data , success
http://127.0.0.1/sql/Less-23/?id=1' and extractvalue(1,concat(0x7e,(select username from users limit 0,1),0x7e)) and 1='1
Less-24
The secondary injection , View source code
You can see that the login page imposes strict restrictions on user input , The registration page does not , By constructing the user name admin’# Content can be written to the database , And then directly modify the password ,’# take effect , The actual modified user name is admin, In this way, the modification is achieved admin Effect of password , You can use our newly modified password to log in .
register admin’# account number
Sign in admin’# account number
modify admin Account and password
Use admin Account to log in
边栏推荐
- Concepts and differences of parallel computing, distributed computing and cluster (to be updated for beginners)
- Getbackgroundaudiomanager controls music playback (dynamic binding of class name)
- Multithreading tutorial (XXI) double checked locking problem
- Nlp-d46-nlp match D15
- Wechat applet text built-in component newline character does not newline reason
- ReferenceError: server is not defined
- 数组部分方法
- “All in ONE”一个平台解决所有需求,运维监控3.0时代已来
- ThymeleafEngine模板引擎
- 微信小程序text内置组件换行符不换行的原因-wxs处理换行符,正则加段首空格
猜你喜欢
More than 20 cloud collaboration functions, 3 minutes to talk through the enterprise's data security experience
All the benefits of ci/cd, but greener
微信小程序text内置组件换行符不换行的原因-wxs处理换行符,正则加段首空格
Can Amazon, express, lazada and shrimp skin platforms use the 911+vm environment to carry out production number, maintenance number, supplement order and other operations?
"All in one" is a platform to solve all needs, and the era of operation and maintenance monitoring 3.0 has come
Super details to teach you how to use Jenkins to realize automatic jar package deployment
AltiumDesigner2020导入3D Body-SOLIDWORKS三维模型
Multithreading tutorial (XXI) double checked locking problem
NDK learning notes (XI) POSIX sockect local communication
YOLOv5的Tricks | 【Trick8】图片采样策略——按数据集各类别权重采样
随机推荐
Share an RSA encryption and decryption tool class, including public key encryption, private key decryption, private key encryption, public key decryption, private key signature, public key verificatio
Mingw-w64 installation instructions
Experimental report on information management and information system [information security and confidentiality] of Huazhong Agricultural University
Install Oracle Database
Configure the rust compilation environment
[daily exercises] 1 Sum of two numbers
Dichotomy find template
Gilde failed to go to the listener to call back the reason record when loading the Gaussian blur image
If the MAC fails to connect with MySQL, it will start and report an error
Multithreading tutorial (XXIII) thread safety without lock
Error:Execution failed for task ':app:buildNative'. & gt; A problem occurred'x/x/x/'NDK build' error resolution
Super details to teach you how to use Jenkins to realize automatic jar package deployment
Informatica:数据质量管理六步法
More than 20 cloud collaboration functions, 3 minutes to talk through the enterprise's data security experience
Devsecops in Agile Environment
Array partial method
ImageView supporting single finger sliding and double finger scaling
Multi thread tutorial (30) meta sharing mode
"All in one" is a platform to solve all needs, and the era of operation and maintenance monitoring 3.0 has come
Flask develops and implements the like comment module of the online question and answer system