BUUCTF-WEB(1)

sql-md5-injection-[BJDCTF2020]Easy MD5

By capturing packets, we can find the hint in the message.
Combining "md5" functions with select statements can cause "md5 injection" vulnerabilities. We can construct the string like "'or something" to form a universal password. A payload is "fifdyop", md5 encrypted is "276f722736c95d99e921722cf9ed621c", convert to a string which is "or'6\xc9]\x99\xe9!r,\xf9\xedb\x1c"

The next problem-solving process is very simple.

posted @ 2021-03-01 17:26  lemon想学二进制  阅读(21)  评论(0编辑  收藏