CTF之Bugku insert into注入

原理:x-forwared-for注入,时间盲注,insert注入
点开网址就是这么一句话,源码也给出
在这里插入图片描述

function getIp(){
$ip = '';
if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])){
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];		#从x-forwared-for获取ip
}else{
$ip = $_SERVER['REMOTE_ADDR'];
}
$ip_arr = explode(',', $ip);				#过滤获取到的IP中的逗号
return $ip_arr[0];

}

$host="localhost";
$user="";
$pass="";
$db="";

$connect = mysql_connect($host, $user, $pass) or die("Unable to connect");

mysql_select_db($db) or die("Unable to select database");

$ip = getIp();
echo 'your ip is :'.$ip;
$sql="insert into client_ip (ip) values ('$ip')";	#将IP插入数据库
mysql_query($sql);

关键在这一句sql语句

insert into client_ip (ip) values ('$ip')

过滤了逗号之后能用的payload语句就剩下
case when then else end
substring(“xxxxxx” from 1 for 1)

你可能感兴趣的:(CTF)