CTF---Web primer third question This looks a little simple!

This looks a little simple! Score: 10

• Source: West Cape College
• Difficulty: Easy
• Number of participants: 10515 people
• Get flag:3441 People
• Number of respondents: 4232 people
• Problem solving pass rate: 81%

It's obvious. Spring Festival does not give gifts, gifts to send this

Format:

Problem Solving Links: http://ctf5.shiyanbar.com/8/index.php?id=1

Original title Link: http://www.shiyanbar.com/ctf/33

"Problem Solving Report"

　　This is the beginning of the web I started to write the third problem, the problem seems to pass rate is quite high, easy to display easy, we can try this problem! Let's take a look at this topic, we do the first point of the web, we look at the source code, we found nothing, is a simple table table, this time we are stuck in the deadlock, so we need to further observation, and then we find the URL is a bit of meaning, it is passed an ID into, id= 1, if the security is familiar with the people know, this may be a SQL injection point, SQL injection, in short, is the front end by committing an illegal database statement or request, should not be the front-end to get the information put to the front, so exposed, we can experiment with it, Let's try adding a single quote.

Hey, we found a very interesting thing, the page error, MySQL explained the background database version exposed,F:\A1bnH3a\ctf\8\index.php is the absolute path of the Web page, in the infiltration process, this is a very dangerous thing, Do not give others know, let's try this is not an injection point?

Let's use the SQL statement:

Normal! Let's try it again ~ ~ ~

Ah, error, this as a bit safe to understand, you can be sure that this address is a SQL injection point, with the SQL injection point, how to do?

Of course we can manually inject, Firefox plug-in provides this function, but, we CTF game, time is life, time is money, we can not waste time on manual injection, we should do is to use tools, this time we should use tools called Sqlmap, The use of this tool requires a Python environment ~ ~ ~

Let's see if the operation is normal ~ ~ ~

Description It configuration no problem ~ ~ ~

Enter its address:

Enter!

Soon burst out of the system for Windows system, first can determine this injection point no problem

We're going to get this flag out of the database.

Report all the libraries in this database

We're supposed to be in the my_db, let's go inside and take a peek.

Enter

My_db inside there are two tables, one is news, one is thiskey,news nothing new, ThisKey may have the doorway

Let's enter the following command to query

Enter

We found that there are two columns in the table, there is a row in the table, k0y, this is the hacker's writing, it means the key, you can be sure that this point must have a mystery

We can continue to enter the next command.

Dump shows the details, so we hit the Enter.

This whatimyd91dump is supposed to be flag.

That's the answer!

CTF---Web primer third question This looks a little simple!