BUUOJ [CISCN2019 North Division Day2 Web1] Hack World

Catching up on old problems and posting a write-up along the way

I don't know when this national competition was held; a beginner like me is better off just grinding through problems

0X01 Topics tested

SQL injection, blind injection, numeric type

0X02 Trying it myself

Try entering 1


Master Zhao needs a girlfriend??? Well, that can be arranged

Input 2

??? Black question mark


Input 3

Submit empty

 

 

Entering union gets filtered....


Every time I do SQL injection I get very confused, so I ran a fuzz test...

I found that many keywords were filtered

Later I watched Master Zhao's video

Noting down this technique: using 1^1^1 (XOR) to bypass the filter

1^(if((ascii(substr((select(flag)from(flag)),1,1))=102),0,1))

 

After reading the experts' scripts, I realized I am still too much of a beginner. I won't post my own script here; you can go and look at the experts' scripts instead

They use binary search, Boolean blind injection, time delay, etc.

Experts' blogs attached:

https://blog.csdn.net/weixin_43345082/article/details/99062970

https://www.cnblogs.com/20175211lyz/p/11435298.html

https://www.cnblogs.com/kevinbruce656/p/11342580.html

 

The source code of this problem, in the hope that it helps everyone


<?php
$dbuser='root';
$dbpass='root';

function safe($sql){
    # Filtered content; functions are basically not filtered
    $blackList = array(' ','||','#','-',';','&','+','or','and','`','"','insert','group','limit','update','delete','*','into','union','load_file','outfile','/.');
    foreach($blackList as $blackitem){
        if(stripos($sql,$blackitem)){
            return False;
        }
    }
    return True;
}
if(isset($_POST['id'])){
    $id = $_POST['id'];
}else{
    die();
}
$db = mysql_connect("localhost",$dbuser,$dbpass);
if(!$db){
    die(mysql_error());
}   
mysql_select_db("ctf",$db);

if(safe($id)){
    $query = mysql_query("SELECT content from passage WHERE id = ${id} limit 0,1");
    
    if($query){
        $result = mysql_fetch_array($query);
        
        if($result){
            echo $result['content'];
        }else{
            echo "Error Occured When Fetch Result.";
        }
    }else{
        var_dump($query);
    }
}else{
    die("SQL Injection Checked.");
}
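
A hardened counterpart to the query above, as an added example that is not part of the original post or the challenge's code: the id is validated as a positive integer and bound as a parameter, so no blacklist is needed and the payload from 0X02 never reaches SQL. It assumes PHP 7.1+ with the pdo_sqlite extension; the function name fetch_passage and the in-memory table rows are constructed for the demo.

```php
<?php
// Added example, not the challenge's code: typed validation plus a bound
// parameter replaces the safe() blacklist. Assumes the pdo_sqlite extension;
// the in-memory table and its rows are constructed sample data.

function fetch_passage(PDO $pdo, $rawId): ?string
{
    // Accept only a positive integer; anything else never reaches SQL.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The value is bound as data, so it cannot change the query structure.
    $stmt = $pdo->prepare('SELECT content FROM passage WHERE id = :id LIMIT 1');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['content'];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE passage (id INTEGER PRIMARY KEY, content TEXT)');
$pdo->exec("INSERT INTO passage VALUES (1, 'first passage'), (2, 'second passage')");

$inputs = [
    '1',
    '3',
    '',
    // The write-up's payload: rejected at validation, so no Boolean signal.
    '1^(if((ascii(substr((select(flag)from(flag)),1,1))=102),0,1))',
];

foreach ($inputs as $raw) {
    $content = fetch_passage($pdo, $raw);
    // One response for "invalid" and "missing"; output is HTML-escaped.
    $out = $content === null ? 'Not found.' : htmlspecialchars($content, ENT_QUOTES, 'UTF-8');
    printf("%-12s => %s\n", var_export(substr($raw, 0, 10), true), $out);
}
```

Invalid input and a missing row produce the same response, so the page no longer distinguishes a true condition from a false one the way the original's two different outputs do.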

 


Origin www.cnblogs.com/JeffKing11/p/12658889.html