3
(陇剑杯 2021) SQL注入系列
source link: https://charmersix.icu/2022/04/29/SQLflow/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
(陇剑杯 2021) SQL注入系列
第一题,看SQL注入的语句,很明显是布尔盲注的特征
这题更没劲,根据我的经验,流量分析倒着看就对了
(select%20flag%20from%20sqli.flag),43,1)%20=%20’+’,1,(select%20table_name%20from%20information_schema.tables)
数据库名#表名#字段名显而易见
将日志导入excel,筛选返回长度479 480 481 482
然后再拿word替换一下,得到
flag{deddcd67-bcfd-487e-b940-1217e668c7db}
当然也可以写个脚本
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK