(陇剑杯 2021) SQL注入系列

1 year ago

source link: https://charmersix.icu/2022/04/29/SQLflow/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

(陇剑杯 2021) SQL注入系列

第一题，看SQL注入的语句，很明显是布尔盲注的特征

这题更没劲，根据我的经验，流量分析倒着看就对了

(select%20flag%20from%20sqli.flag),43,1)%20=%20’+’,1,(select%20table_name%20from%20information_schema.tables)

数据库名#表名#字段名显而易见

将日志导入excel，筛选返回长度479 480 481 482

然后再拿word替换一下，得到

flag{deddcd67-bcfd-487e-b940-1217e668c7db}

当然也可以写个脚本

Recommend

(陇剑杯 2021) SQL注入系列

(陇剑杯 2021) SQL注入系列

Recommend

Whatever Happened To The iPod Nano?

（2022第二届网刃杯） ISC

Legend Motion: A declarative animations library for React Native

OneFlow如何做静态图的算子对齐任务

世界上最惬意的地方，是你家屋顶

The Laos Villages Where People Build Homes Out of Vietnam War Bombs

华谊4年亏64亿，电影公司还能走出寒冬吗？

APP工厂永不眠，但「上新」的思路早变了

In our Digital Future, Will We lose our History?

Close to 1 Year Past Its Launch, $RACA Records a Rise of 2880%, Surpassing Bitco...

About Joyk