Bugku Web WP (i)

1. Registration questions

Dabigatran look at the announcement take flag

2.web2

Right-click on the element to see flag

3. File Upload Test

Grab the package, modify the file type

4. Calculation questions

Right source code, click on this JS

5.web Basic $_get

Get Pass Value

6.web Basic $_post

I am not very good foundation, the Internet to find a section of the PY code

#!/usr/bin/python
#-*-Coding:utf-8-*-
Import Urllib,cookielib;
Import Urllib2

#设置要请求的头, let the server not think you are a robot
headers={' useragent ': ' Mozilla/4.0 (compatible; MSIE 5.5; Windows NT) '};

#post方式时候要发送的数据
values={' What ': ' flag '};

#对发送的数据进行编码
Data=urllib.urlencode (values);

#发送一个http请求
Request=urllib2. Request ("http://120.24.86.145:8002/post/", headers=headers,data=data);

#获得回送的数据
Response=urllib2.urlopen (Request);

Print Response.read ();

7. Contradictions

Analyze source code

The Get method passes in the value of NUM, and the Is_numeric function determines that num is a number or a numeric string, and we truncate it by%00

I found num=11 space in the test when the SDD, can also burst flag, do not know why.

8.web3

Click to open the link found always pop-up dialog box, grab Bag

Then Unioncode turns into ASCII code.

9.sql Injection

At first I thought ID was the injection point, tried a lot of union Select is useless, read someone else's blog to know is wide byte injection

Reference: https://www.2cto.com/article/201209/153283.html

The first step is to determine if a wide-byte injection

Enter this page to show normal, then add '

Page display error, determine existence of wide-byte injection

After query field, the number of fields found is two

Tabular note key to add '

10.SQL Injection 1

The key to solving the problem lies in $id = Strip_tags ($id);

String bypass, the topic filters a lot of strings, but we can use un<br>ion to replace

Bugku Web WP (i)