1. ISG2014 SQLMAP Misc 100
Attachment download: http://www.2cto.com/uploadfile/2014/1013/20141013055722355.zip
The challenge provides a packet capture of a sqlmap run. Inspecting it shows the key was extracted one character position at a time (boolean-based blind injection, bisecting on the ORD() of each character), with statements of the form
/message.php?id=1 AND ORD(MID((SELECT IFNULL(CAST(`value` AS CHAR),0x20) FROM isg.flags ORDER BY `value` LIMIT 0,1),34,1))>1
First export the strings from the pcap, keeping only the injection queries:
strings sqlmap.pcap | grep isg.flags > 11.txt
Strip the first few lines (sqlmap's fingerprinting probes) so that the file starts at the first real guessing statement: GET /message.php?id=1 AND ORD(MID((SELECT IFNULL(CAST(value AS CHAR),0x20) FROM isg.flags ORDER BY value LIMIT 0,1),1,1))>64. Then export the HTTP objects from the pcap; each exported file looks like:
Message #1 AND ORD(MID((SELECT IFNULL(CAST(`value` AS CHAR),0x20) FROM isg.flags ORDER BY `value` LIMIT 0,1),1,1))>64: The quick brown fox jumps over the lazy dog
If the condition holds,
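The recovery step this procedure leads to, as an added example that is not the write-up's own script: sqlmap narrows each character of the key by bisection on ORD(), so every probe at position p with threshold t tells you either ORD(key[p]) > t (condition true) or ORD(key[p]) <= t (condition false), and the character is fixed once those bounds are one apart. The script below replays that bisection over a constructed secret to produce echoed objects in the "Message #<payload>: <text>" shape shown above, then rebuilds the key from them. It assumes (the write-up is cut off before saying so) that the echoed page text "The quick brown fox..." is present only when the injected condition is true; for a real capture, replace the simulated lines with the exported objects.

```python
import re

# sqlmap's bisection payload as it appears in this capture:
# ... MID((SELECT ...),<position>,1))><threshold>
PAYLOAD_RE = re.compile(r"MID\(\(SELECT .+?\),(\d+),1\)\)>(\d+)")

# Assumption: the echoed body carries this text only when the injected
# condition is true (the write-up does not show the false case).
TRUE_MARKER = "The quick brown fox jumps over the lazy dog"

INNER = ("SELECT IFNULL(CAST(`value` AS CHAR),0x20) FROM isg.flags "
         "ORDER BY `value` LIMIT 0,1")


def echo_line(pos, threshold, truth):
    """Constructed HTTP object in the shape the capture shows:
    'Message #<payload>: <text>', text present only for a true condition."""
    payload = f"1 AND ORD(MID(({INNER}),{pos},1))>{threshold}"
    return f"Message #{payload}: {TRUE_MARKER if truth else ''}"


def simulate_sqlmap(secret):
    """Replay sqlmap's boolean-based bisection over a constructed secret.
    Each character is narrowed within (lo, hi], starting with >64 exactly as
    the first probe in the capture does; returns echoed objects in probe order."""
    lines = []
    for pos, ch in enumerate(secret, start=1):
        lo, hi = 0, 128
        while hi - lo > 1:
            mid = (lo + hi) // 2
            truth = ord(ch) > mid
            lines.append(echo_line(pos, mid, truth))
            if truth:
                lo = mid
            else:
                hi = mid
    return lines


def recover_key(lines):
    """Rebuild the key from echoed objects: at each position the value is above
    every threshold that tested true and at or below every one that tested false.
    Order of the lines does not matter, so a re-sorted export still works."""
    bounds = {}  # position -> [lo, hi], value lies in (lo, hi]
    for line in lines:
        m = PAYLOAD_RE.search(line)
        if not m:
            continue  # not a bisection probe (e.g. a fingerprinting query)
        pos, threshold = int(m.group(1)), int(m.group(2))
        truth = TRUE_MARKER in line
        lo, hi = bounds.setdefault(pos, [0, 128])
        if truth:
            bounds[pos][0] = max(lo, threshold)
        else:
            bounds[pos][1] = min(hi, threshold)
    key = []
    for pos in sorted(bounds):
        lo, hi = bounds[pos]
        # Resolved only once the interval has shrunk to a single value;
        # '?' flags a position whose probes are missing from the capture.
        key.append(chr(hi) if hi - lo == 1 else "?")
    return "".join(key)


if __name__ == "__main__":
    capture = simulate_sqlmap("ISG{test}")  # constructed secret, not the real flag
    print(len(capture), "probes")
    print(recover_key(capture))
```

The "?" marker matters in practice: a capture that missed a few packets leaves some positions with a gap wider than one, and silently picking an endpoint would give a plausible-looking but wrong key.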