
Security learning week4

2022-07-05 00:26:00 Not Xiaosheng


Web practice

1. [Geek Challenge 2019] EasySQL

Try logging in directly with the default password.

Add another ' and see whether it triggers an error.

OK, then use or '1'='1

Success.

2. [BUU] [Geek Challenge 2019] LoveSQL

Log in successfully with the universal password.

Next, enumerate the fields.

There are 3 fields.

Look at the echo.

Positions 2 and 3 are the echo points.

Next, enumerate the database.

Then enumerate the tables.

Directly check the columns of the second database.

Then query the data directly.

3. [Geek Challenge 2019] BabySQL

The keyword or is filtered.

Enumerate the fields.

union and select are also filtered.

So double-write the keywords.

The number of columns is wrong.

Look at the echo.

Check the version.

Check the database.

from seems to be filtered as well.

Enumerate the databases.

Enumerate the tables.

Query the flag column of the Flag table in the ctf database.

 

4. [Geek Challenge 2019] HardSQL

A single quotation mark triggers an error, double quotation marks do not, and there are no brackets, so this should be ordinary character-type injection closed by a single quotation mark.

Field enumeration turns out to be filtered, so use error-based injection.

Get the database name.

Enumerate the table names.

Enumerate the column names.

Dump the data.

I didn't expect the second part to be just a }

Nb

5. [Geek Challenge 2019] EasySQL

Querying the database with select turns out to be filtered.

Choose stacked injection.

This technique works well.

Query the tables.

Query the table structure.

When I see a flag I get nervous and want to copy it; I have been doing more misc lately, and whenever I see a flag I just want to copy it.

It is easy to see that it is in this database.

Use a prepared statement together with the char() function to convert the ASCII codes of select into the string select, then use the concat() function to assemble the select query statement. This bypasses the filter. Alternatively, use concat() directly to splice select together and bypass it.

0';PREPARE hacker from concat(char(115,101,108,101,99,116), ' * from `1919810931114514` ');EXECUTE hacker;#
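An added example (not from the original post) showing why the keyword filters in these challenges fail and what the fix is: the char() input above contains no literal select, so a blacklist passes it, while a parameterized query binds both quoted inputs as plain data. The users table, the filter regex and the function names are assumptions, and sqlite3 stands in for the challenge's database.

```python
import re
import sqlite3

# Hypothetical keyword filter standing in for the challenges' blacklists.
BLACKLIST = re.compile(r"\b(select|union|or)\b", re.I)

# Inputs quoted from the write-up; everything else here is constructed.
TAUTOLOGY = "' or '1'='1"
PREPARED = ("0';PREPARE hacker from concat(char(115,101,108,101,99,116), "
            "' * from `1919810931114514` ');EXECUTE hacker;#")

def make_db():
    """In-memory database with one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db

def blacklist_allows(value):
    """True if the keyword filter lets the input through."""
    return BLACKLIST.search(value) is None

def hidden_keywords(value):
    """Detection aid: decode char(n,...) literals and list keywords they spell."""
    found = []
    for m in re.finditer(r"char\(([\d,\s]+)\)", value, re.I):
        codes = [int(n) for n in m.group(1).split(",") if n.strip()]
        found += BLACKLIST.findall("".join(chr(c) for c in codes))
    return found

def login_concat(db, user, pw):
    """Vulnerable: input is spliced into the SQL text and parsed as SQL."""
    sql = f"SELECT 1 FROM users WHERE username='{user}' AND password='{pw}'"
    return db.execute(sql).fetchone() is not None

def login_param(db, user, pw):
    """Hardened: placeholders bind input as data, so quotes stay inert."""
    sql = "SELECT 1 FROM users WHERE username=? AND password=?"
    return db.execute(sql, (user, pw)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    print("filter passes tautology:", blacklist_allows(TAUTOLOGY))
    print("filter passes PREPARE input:", blacklist_allows(PREPARED))
    print("keywords hidden in char():", hidden_keywords(PREPARED))
    print("concat login bypassed:", login_concat(db, "admin", TAUTOLOGY))
    print("param login bypassed:", login_param(db, "admin", TAUTOLOGY))
```

The filter result for the PREPARE input is the point: keyword matching inspects the text of the input, not the statement the server eventually executes, so binding parameters is the control that holds.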

My blog may not be very good, but since you have read this far, leave a like before you go.

Copyright notice
This article was created by [Not Xiaosheng]. Please include a link to the original when reposting. Thank you.
https://yzsam.com/2022/02/202202141124572021.html