Buuctf question brushing notes - [geek challenge 2019] easysql 1

Continue today BUUCTF The topic , Today's solution [ Geek challenge 2019]EasySQL 1.

One 、 Basic information of the topic

Let's go to the link , Open the web site , The results are shown below ：

Two 、 Their thinking

As can be seen from the above figure , Our target site is a login page . Combined with the topic information , We can guess that the problem is solved as SQL Injection direction .
We simply try the user name with single quotation marks at the user name admin’, The results are shown below ：

As can be seen from the above figure , This is a simple error report SQL Inject .
Next , We try to add a after the user name just now #, Try to filter the following content , The results are shown below ：

3、 ... and 、 Get flag

It is easy to analyze from the above attempts , The topic is very simple , Basically no filtering , We try to use universal password , user name admin’ or 1=1#, Password optional , Click to log in , The results are shown below ：

As can be seen from the above figure , We successfully got the title flag.
Originality is not easy. , Reprint please explain the source ：https://blog.csdn.net/weixin_40228200