[npuctf2020] ezlogin XPath injection learning
[npuctf2020] ezlogin XPath injection learning After entering this question, there is a simple login page. I took the imperial sword and didn't sweep out anything else. I tried a simple sql injection and didn't show any echo. If it exploded, he had a token that was refreshing all the time, so it would be a little troublesome. I shouldn't take t ...
Added by Nexy on Thu, 10 Feb 2022 23:17:39 +0200
Interview big factory blood abuse interviewers during the day and teach little sister SQL injection at night! It's exciting!
The following picture shows the little sister pointed by the blogger! Hee hee!
1, What is sql injection
SQL injection is one of the more common network attacks. It does not use the BUG of the operating system to realize the attack, but for the negligence of programmers when writing, it realizes no account login and even tampers with the ...
Added by cosmos33 on Sun, 23 Jan 2022 12:06:10 +0200
Some people say that SQL injection has been eliminated. Can you beat him???
Last time I wrote an article about SQL injection, someone said that SQL injection is outdated!!!
preface:
This time, four interesting practical cases are used: Hard - common getshell Fast - fast error injection Quasi - injected under the limit of character length 100 Around – around a university safety dog
Although there are only four ...
Added by lukemedway on Tue, 18 Jan 2022 00:14:13 +0200
WEB vulnerability attack and defense - SQL injection principle, judgment method, filtering and repair
Principle of SQL injection vulnerability
The principle of SQL injection vulnerability is that developers do not effectively filter and judge the legitimacy of the controllable parameters entered by the attacker in the process of coding and developing web applications, resulting in the attacker taking advantage of the controllable malicious ...
Added by pastcow on Sat, 15 Jan 2022 01:44:51 +0200
Secondary injection of SQL injection
catalogue
1. Principle
Secondary injection process
2. Experimental process
(1) View initial users table
(2) Registered user
(3) Modify user password
3. Cause
Specific code
4. Defensive measures
1. Principle
Secondary injection can be understood as the injection caused by the malicious data constructed by the attacker being st ...
Added by urgido on Thu, 30 Dec 2021 21:11:53 +0200