Notes on a real-world edu SQL injection
2022-07-06 09:22:00 【又懒有菜】
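0x01 Approach: inurl: exam result
(pages of this kind are relatively likely to be vulnerable)
For reconnaissance, the rad crawler plus jsfinder turned up a POST query endpoint.
Features like this are always backed by a SQL SELECT statement (if the input filtering is not strict, injection is fairly likely).
JS front end: the ID card number is also checked on the client side for a length of 18 characters; the check has to be bypassed before the request can be captured.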
0x02 Confirming the injection
Normal request
A single quote produces a syntax error
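The weakness behind 0x01 and 0x02, shown from the server side as an added example that is not part of the original post: a lookup that pastes the POST field into the SELECT text breaks on a single quote, while a bound parameter plus a server-side repeat of the 18-character check does not. SQLite stands in for the site's unknown database, and the table, columns, ID values and the exact ID pattern are assumptions constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; schema and values are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE exam_result (id_no TEXT PRIMARY KEY, name TEXT, score INTEGER)")
    db.executemany("INSERT INTO exam_result VALUES (?, ?, ?)",
                   [("110101199001010011", "student-a", 88),
                    ("110101199202020022", "student-b", 73)])
    return db

def lookup_concat(db, id_no):
    """'Before' form: the request field becomes part of the SQL text."""
    sql = "SELECT name, score FROM exam_result WHERE id_no = '" + id_no + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, id_no):
    """The value is bound as a parameter, so it is only ever data."""
    sql = "SELECT name, score FROM exam_result WHERE id_no = ?"
    return db.execute(sql, (id_no,)).fetchall()

# Server-side copy of the front-end rule (assumed: 17 digits plus digit or X).
ID_RE = re.compile(r"[0-9]{17}[0-9Xx]")

def lookup_safe(db, id_no):
    """Hardened form: validate on the server, then use the bound query."""
    if not isinstance(id_no, str) or not ID_RE.fullmatch(id_no):
        raise ValueError("invalid ID number")
    return lookup_bound(db, id_no)

def demo():
    db = make_db()
    quoted = "110101199001010011'"  # a valid ID followed by one single quote
    out = {}
    try:
        lookup_concat(db, quoted)
        out["concat"] = "ok"
    except sqlite3.OperationalError:
        out["concat"] = "sql error"  # the quote changed the statement's syntax
    out["bound"] = lookup_bound(db, quoted)  # no such row, no error
    try:
        lookup_safe(db, quoted)
        out["safe"] = "ok"
    except ValueError:
        out["safe"] = "rejected"
    out["valid"] = lookup_safe(db, "110101199001010011")
    return out

if __name__ == "__main__":
    print(demo())
```

The bound query is what removes the injection; the server-side length and format check is there because the JavaScript check never reaches requests sent outside the browser.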
0x03 Error-based injection
0x04 sqlmap
The rest was simply handed to sqlmap to run.