My road to clearing webug levels: The third level (intermediate level) - Code World

My road to clearing webug levels: The third level (intermediate level)

Enterprise 2023-12-18 00:19:58 views: null

1. Level question
Insert image description here
The question suggests that this level is an injection vulnerability
2. Check the page and find that there is no access to the database at the URL. There is no other clickable place on the page

3. It is suspected to be an injection of header information, use burpsuite to check
The header injection has X-Forwarded- For, User-Agent, Referer, cookie, host
Insert image description here

4. Exploit the injection point
Insert image description here
Explode the database:

Explode the table:

Explode the columns of the flag table Name:

Explosion flag:

Guess you like

Origin blog.csdn.net/weixin_45822019/article/details/105661979

My road to clearing webug levels: The third level (intermediate level)

My road to clearing webug levels: Level 4 (intermediate level)

My road to clearing Webug: Level 4 (Basics)

The road to clearing webug4.0 (1) Display error injection

Notes on calling CMake multi-level directories/multiple subdirectories/subdirectory files to other subdirectory file interfaces and clearing intermediate files generated by CMake

[Intermediate] In-depth analysis of transaction isolation level

Notes on the intermediate level of Dameng (for personal use)

Warm congratulations on the launch of my country's third aircraft carrier! Explosive sharing of enterprise-level security plug-ins

Second-level linkage and third-level linkage written by Js

[Data Sharing] Indicators related to road, bridge, and pipeline construction at the provincial level in my country from 2006 to 2021 (more than 10 indicators)

java multithreading, seek death levels & brain-dead level

Four isolation transaction level [reproduced] affairs of four levels of isolation

What are the transaction isolation levels? What is the default isolation level of MySQL?

Soft Exam Intermediate Level 02: Basic Data Communication (1)

Unity turn-based combat system (intermediate level) - advanced

Unity turn-based combat system (intermediate level)

Levels of Practice - My Flash

Regarding vue, when the current second-level route clicks on the third-level route, replace the current second-level route

Cross-domain practice of cookie second-level domain name and third-level domain name

Does the computer third-level certificate need to take the second-level test first?

Computer third-level exam IP address conversion

Huitong Education-Python advanced exercises third level

[Spring uses the third-level cache to solve the process of circular dependencies]

day1_homework 2 (third-level menu)

Arrangement of real and wrong questions in the third-level database (4)

Some requirements for the third-level guarantee of the information management system

Spring's third-level cache solves circular dependencies

Computer third-level network technology knowledge integration

Isolated 4 database isolation levels and 7 kinds of communication behavior and communication behavior database transaction level

echarts implements x-axis display in two levels and the second level can be customized

Recommended

Ranking

error: (-215:Assertion failed) !_img.empty() in function ‘cv::imwrite‘

Database migration between Navicat servers

Minimum number of rotation of the array: Array

balenaEtcher for mac (make a boot disk software) v1.5.67

Custom processing serialization and deserialization in jackson

Mu-en-mask system development software

Mastering Regular Expressions

Find mileage Java--

Web pages can not directly concern the public micro-channel number how to do? A key to arouse public concern number of micro-channel solutions

[CodeForces - 739B] Alyona and a tree Tree + [difference] + bipartite

Daily

More

2024-05-12(28)

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)

2024-05-04(18)

2024-05-03(8)