OverTheWire攻关过程-Natas模块14

大柚子top

 关注

阅读 91

2023-06-27


我们打开lv14,查看信息



OverTheWire攻关过程-Natas模块14_Access


我们可以输入user和pass进行登陆


这个查询,很容易想到sql注入


我们打开bp,输入信息看看


OverTheWire攻关过程-Natas模块14_Access_02


结果显示



OverTheWire攻关过程-Natas模块14_Access_03


显示链接被重置


我们使用bp修改数据再发送


OverTheWire攻关过程-Natas模块14_重置_04


卡住了


OverTheWire攻关过程-Natas模块14_mysql_05


重新打开


OverTheWire攻关过程-Natas模块14_重置_06


得到密码

验证密码


OverTheWire攻关过程-Natas模块14_重置_07


查看源码


<?php
if(array_key_exists("username", $_REQUEST)) {
    $link = mysqli_connect('localhost', 'natas14', '<censored>');
    mysqli_select_db($link, 'natas14');

    $query = "SELECT * from users where username=\"".$_REQUEST["username"]."\" and password=\"".$_REQUEST["password"]."\"";
    if(array_key_exists("debug", $_GET)) {
        echo "Executing query: $query<br>";
    }

    if(mysqli_num_rows(mysqli_query($link, $query)) > 0) {
            echo "Successful login! The password for natas15 is <censored><br>";
    } else {
            echo "Access denied!<br>";
    }
    mysqli_close($link);
} else {
?>


查询语句


SELECT * from users where username=\"".$_REQUEST["username"]."\" and password=\"".$_REQUEST["password"]."\"


大神分析


OverTheWire攻关过程-Natas模块14_重置_08


OverTheWire攻关过程-Natas模块14_重置_09

相关推荐

OverTheWire攻关过程-Natas模块30

南柯Taylor 68 0 0

OverTheWire攻关过程-Natas模块21

最后的执着 71 0 0

OverTheWire攻关过程-Natas模块17

宁静的猫 85 0 0

OverTheWire攻关过程-Natas模块27

老北京的热干面 60 0 0

OverTheWire攻关过程-Natas模块15

金刚豆 41 0 0

OverTheWire攻关过程-Natas模块12

花海书香 31 0 0

OverTheWire攻关过程-Natas模块33

you的日常 68 0 0

OverTheWire攻关过程-Bandit模块14

外贸达人小峻先森 75 0 0

OverTheWire攻关过程-Leviathan模块0

天悦哥 84 0 0

OverTheWire攻关过程-Leviathan模块4

一天清晨 63 0 0

精彩评论(0)

0 0 举报