Mexican SQL manual injection vulnerability test (mongodb database) problem solution
2022-07-06 09:55:00 【zr1213159840】
The challenge environment is Nginx+PHP+MongoDB, and the following code is given.
As for the knowledge point the challenge tests, it is the MD5 value.
First, open the link. It turns out to be a user login page (if it does not load, wait a moment). Then, as usual, click on the notice and look for the id parameter.
Now read the code. In the query part, the id is inserted and the queried data is returned directly.
The id value entered by the user is inserted directly into the database query without any escaping, so here we can set the id value to
1'});
In this way, the query statement becomes
db.notice.find({'id':'1'});'})
You can see that the trailing part is filtered out. If the value is then changed to the following
id=1'}); return ({title:tojson(db.Authority_confidential.find()[1]),2: 1
The assembled statement is
db.notice.find({'id':'1'}); return ({title:tojson(db.Authority_confidential.find()[1]),2: 1'})
The find function returns all the data and tojson converts it to JSON format, so we can read out all the data in Authority_confidential. The effect is as follows
Look at the MD5 value, then log in and get the key.
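The root cause described above, id being concatenated into the query text, shown beside a hardened form. This is an added example, not code from the challenge or from the original post; the template in buildQueryUnsafe is an assumption inferred from the assembled statements above, and all function names are hypothetical.

```javascript
// Added example (not the challenge's code). Assumed template, inferred from the
// assembled statements shown above: db.notice.find({'id':'<id>'})

// Vulnerable pattern: the request value is pasted into server-side JavaScript text.
function buildQueryUnsafe(id) {
  return "db.notice.find({'id':'" + id + "'})";
}

// Walk the generated text the way a JS tokenizer would and report whether the
// id stays inside the single string literal that is supposed to hold it.
function idStaysInsideLiteral(id) {
  const prefix = "db.notice.find({'id':'";
  const text = buildQueryUnsafe(id);
  let i = prefix.length;
  while (i < text.length) {
    if (text[i] === "\\") { i += 2; continue; } // escaped character, skip it
    if (text[i] === "'") break;                 // the literal ends here
    i++;
  }
  // True only if the literal closes exactly at the template's own "'})".
  return text.slice(i) === "'})";
}

// Hardened form: strict allowlist, then a structured filter document.
// The value travels as data in the filter object and is never parsed as code.
function buildFilterSafe(id) {
  if (typeof id !== "string" || !/^[0-9]{1,10}$/.test(id)) {
    throw new TypeError("id must be 1-10 decimal digits");
  }
  return { id: id };
}

// Constructed sample inputs: a normal id and the two values quoted in the post.
const samples = [
  "1",
  "1'});",
  "1'}); return ({title:tojson(db.Authority_confidential.find()[1]),2: 1",
];
for (const s of samples) {
  let verdict;
  try { buildFilterSafe(s); verdict = "accepted"; }
  catch (e) { verdict = "rejected"; }
  console.log(JSON.stringify(s), idStaysInsideLiteral(s), verdict);
}
```

The filter object returned by buildFilterSafe is meant to be passed to the driver's find call as a document, so no query text is ever assembled from request data.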