当前位置:网站首页>Buuctf-[[gwctf 2019] I have a database (xiaoyute detailed explanation)
Buuctf-[[gwctf 2019] I have a database (xiaoyute detailed explanation)
2022-07-06 06:00:00 【Xiaoyute detailed explanation】
buuctf-[[GWCTF 2019] I have a database ( Xiaoyute detailed explanation )
Here I don't know why the display is garbled
Use it directly dirsearch Scan the website
Here we are phpmyadmin Catalog , Login without password succeeded .
The version number is given here MySQL database Version 4.8.1.
This version contains a file vulnerability
The principle of vulnerability is
utilize / send db_datadict.php? Become a nonexistent Directory , utilize include The directory of functions keeps jumping, trying to get flag Catalog .
payload
phpmyadmin/index.php?target=db_datadict.php?/../../../../../flag
边栏推荐
- Redis message queue
- Station B Liu Erden softmx classifier and MNIST implementation -structure 9
- Investment strategy discussion and market scale prediction report of China's solid state high power amplifier industry from 2022 to 2028
- [paper reading] nflowjs: synthetic negative data intensive anomaly detection based on robust learning
- 公司视频加速播放
- 网络协议模型
- 关于 PHP 启动 MongoDb 找不到指定模块问题
- Request forwarding and redirection
- 数学三大核心领域概述:代数
- Clear floating mode
猜你喜欢
B站刘二大人-反向传播
Li Chuang EDA learning notes 12: common PCB board layout constraint principles
B站刘二大人-线性回归及梯度下降
IP day 16 VLAN MPLS configuration
如何在业务代码中使用 ThinkPHP5.1 封装的容器内反射方法
MPLS test report
continue和break的区别与用法
The digital economy has broken through the waves. Is Ltd a Web3.0 website with independent rights and interests?
类和对象(一)this指针详解
Station B Liu Erden - linear regression and gradient descent
随机推荐
Commodity price visualization
Baidu online AI competition - image processing challenge: the 8th program of handwriting erasure
授予渔,从0开始搭建一个自己想要的网页
Station B, Master Liu Er - dataset and data loading
First knowledge database
nodejs实现微博第三方登录
[string] palindrome string of codeup
公司视频加速播放
Download, install and use NVM of node, and related use of node and NRM
[Jiudu OJ 08] simple search x
YYGH-11-定时统计
Dynamic programming -- knapsack problem
Go language -- language constants
Practice sharing: how to safely and quickly migrate from CentOS to openeuler
入侵检测领域数据集总结
Li Chuang EDA learning notes 12: common PCB board layout constraint principles
Jushan database appears again in the gold fair to jointly build a new era of digital economy
LAN communication process in the same network segment
Cognitive introspection
Eigen稀疏矩阵操作