Security learning week4
2022-07-05 00:26:00 【Not Xiaosheng】
Security learning Week4
Web practice
1. [Geek Challenge 2019] EasySQL
First, try logging in directly with a default password.
Append a ' and see whether it triggers an error.
OK, then use or '1'='1.
Success.
2. [buu] [Geek Challenge 2019] LoveSQL
Log in successfully with the universal password.
Next, find the number of fields.
There are 3 fields.
Check which positions are echoed.
Positions 2 and 3 are echoed.
Next, dump the database names.
Then dump the table names.
Check the columns of the second database directly.
Then query it directly.
3. [Geek Challenge 2019] BabySQL
or is filtered.
Enumerate the fields.
union and select are also filtered.
So double-write the keywords.
The number of columns is wrong.
Check the echo.
Check the version.
Check the databases.
from seems to be filtered.
Dump the database names.
Dump the table names.
Query the flag column of the Flag table in the ctf database.
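Why the keyword filtering in this challenge does not hold, next to the parameterized query that needs no filter, as an added example that is not part of the original post. The blacklist, the table, the credentials and the function names are constructed for illustration, and SQLite stands in for the challenge's backend.

```python
import re
import sqlite3

def make_db():
    # Constructed stand-in for the login table (SQLite, not the challenge's backend).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db

# Hypothetical blacklist: delete each listed keyword once, case-insensitively.
BLACKLIST = re.compile(r"or|union|select|from", re.IGNORECASE)

def strip_keywords(value):
    # Single pass only: deleting the inner "or" of "oorr" leaves a new "or".
    return BLACKLIST.sub("", value)

def login_filtered(db, username, password):
    # Weak: the filtered values are still concatenated into the SQL text.
    sql = ("SELECT 1 FROM users WHERE username = '%s' AND password = '%s'"
           % (strip_keywords(username), strip_keywords(password)))
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # the mangled input produced invalid SQL

def login_parameterized(db, username, password):
    # Hardened: values are bound as data and never parsed as SQL.
    sql = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    plain = "' or '1'='1"        # input used in the first challenge
    doubled = "' oorr '1'='1"    # same input with the keyword double-written
    for name, fn in (("filtered", login_filtered),
                     ("parameterized", login_parameterized)):
        print(name, fn(db, "admin", plain), fn(db, "admin", doubled),
              fn(db, "admin", "s3cret-constructed"))
```

The filtered login rejects the plain input but accepts the double-written one, while the parameterized login accepts only the real password.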
4. [Geek Challenge 2019] HardSQL
A single quotation mark triggers an error, a double quotation mark does not, and there are no brackets, so this should be ordinary string injection closed by a single quotation mark.
Field enumeration turns out to be filtered, so use error-based injection.
Get the database name.
Dump the table name.
Dump the column names.
Dump the data.
I didn't expect the second part to be a }
Nb
5. [Geek Challenge 2019] EasySQL
Querying the databases with select turns out to be filtered.
Choose stacked injection.
This technique is good.
Query the tables.
Query the table structure.
Seeing flag makes me nervous and want to copy it; I've been doing a lot of misc lately, and whenever I see flag I just want to copy it.
It's easy to tell that it is in this database.
Use a prepared statement plus the char() function to convert the ASCII codes of select into the string select, then use the concat() function to assemble the select query statement. This bypasses the filter. Alternatively, use the concat() function directly to piece select together and bypass it.
0';PREPARE hacker from concat(char(115,101,108,101,99,116), ' * from `1919810931114514` ');EXECUTE hacker;#
My blog may not be good, but since you have read this far, leave a like before you go.