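Summary: 0x00 Preface After learning some basic SQL, I started working on SQL injection. Since the wording in this part seems to need a bit more rigor, I'm switching back to Chinese to write it XD, my English just isn't up to it. 0x01 Injection foreplay Before the main event there has to be a bit of foreplay, so first try id=1 and see what it does. It echoes back normally. Then, following other people's approach (not knowing how at the start is perfectly normal, so no hate please), first try a single quote to see whether there is a quote-closing error
posted @ 2020-11-24 22:42 ChristopherWu Views (134) Comments (0) Recommendations (0)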
Summary: 0x00 What we learned before? We have learned how to select particular rows or columns and how to select particular data by the combination of rows and
posted @ 2020-11-23 17:21 ChristopherWu Views (63) Comments (0) Recommendations (0)
Summary: I use phpstudy to set a php+Mysql+Apache environment for the sqli-labs. The first step is to download the sqli-labs-master.zip from the official websi
posted @ 2020-11-23 16:10 ChristopherWu Views (42) Comments (0) Recommendations (0)
Summary: 0x00 What we learned yesterday? We've learned how to add data or insert data into a table. Then we learned how to select all data of a table and renew
posted @ 2020-11-20 17:19 ChristopherWu Views (46) Comments (0) Recommendations (0)
Summary: 0x00 XD So the day before yesterday we've learned how to create a database and create a table. Today we will learn how to load data into our tables. 0
posted @ 2020-11-19 22:59 ChristopherWu Views (61) Comments (0) Recommendations (0)
Summary: 0x00 What we have learned yesterday? We've learned what is SQL and its main features. We've also learned how to create a new database and select it.
posted @ 2020-11-17 22:07 ChristopherWu Views (40) Comments (0) Recommendations (0)
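Summary: 0x00 Preface SQL injection sounds advanced. I wanted to get into it back during the pandemic, but after fiddling with it for ages I couldn't figure it out. In this studio selection contest I didn't solve a single SQL injection challenge, and the interviewer even asked me about it in the interview ^^, which was embarrassing, so I'm going to start learning SQL injection properly from now on. SQL injection is a high-risk vulnerability; I've heard that so often I know it by heart. Exactly where the high risk lies and what the principle is, all of these questions will be answered one by one in the days to come. 0
posted @ 2020-11-17 00:02 ChristopherWu Views (85) Comments (0) Recommendations (0)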
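Summary: After getting the challenge, start with a code audit. You can see that, in the first layer, the payload must contain php, flag or boyfriend, otherwise it reports an error. In the second layer, the value of Hed9eh0g needs to be changed, otherwise it keeps reporting an error. You can also see that the payload passed in is first serialized and then run through filter. So consider one point about PHP serialization: the filtering done by filter may cause
posted @ 2020-11-14 22:21 ChristopherWu Views (65) Comments (0) Recommendations (0)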
Summary: Snake.. Why are we still here? Just to suffer? Every night, I can feel my leg and my arm.. even my fingers.. the body I've lost. The comrades I've los
posted @ 2020-10-30 00:42 ChristopherWu Views (70) Comments (0) Recommendations (0)