SQL盲注
拿到一份日志,毫无头绪,上网查wp得知为sql盲注,得再学
1.看时间和后门的长度
sleep(2),1)--+ HTTP/1.1" 200 377 "-"
如果正确会休眠两秒,那么就找到377长度的请求
Ctrl+F sleep(2),1)--+ HTTP/1.1" 200 377 "-"
2.
找出所有的Ascii码
90,109,120,104,90,51,116,90,98,51,86,102,89,88,74,108,88,51,78,118,88,50,100,121,90,87,70,48,102,81,61,61
3.ZmxhZ3tZb3VfYXJlX3NvX2dyZWF0fQ