
Cookie injection

2025-02-27 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

(1) The page has only a login box. Brute-forcing it turns up a weak password, and we can get in.

(2) Log in and see the prompt

The request has many fields; among them we see uname = YWRtaW4

Base64-decoding it gives admin.

The second captured request, a GET, is the one we need to take.

We tested several fields and found that only the cookie field could be changed.

The test method is to append 'or' 1 AND 1 or '1 and 2 after the value.

The captured request is:

GET /index.php HTTP/1.1
Host: abd9e1fcc55c7513.yunyansec.com
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://abd9e1fcc55c7513.yunyansec.com/index.php
Accept-Language: zh-CN,zh;q=0.9
Cookie: uname=YWRtaW4%3D
Connection: close

(3) Use sqlmap to test injection

Use -u to specify the URL

-p specifies the parameter to inject

-v shows the injection process

--level specifies the test level

--tamper specifies a tamper script

For cookie injection you can specify the cookie directly. You can also save the whole captured request into a txt file.

Save the request to 1.txt

The results obtained

(4) View databases and tables

Use -D to specify the database; --tables lists its tables.

View the results

(5) Obtaining table data

-T specifies the table; --columns lists its columns.

Results

(6) Get the data

Use -C to specify the columns; --dump retrieves the data.

And I finally got the results.
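
Why the base64-encoded uname cookie was injectable, and how the server side should handle it, as an added example that is not code from the original article or from the target site. The table layout, the sample rows and all function names are assumptions made for the demonstration; the target's real code is not shown on the page.

```python
import base64
import binascii
import re
import sqlite3
from urllib.parse import unquote

# Constructed sample data (hypothetical schema, not taken from the page).
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, role TEXT)")
db.executemany("INSERT INTO users VALUES (?, ?)",
               [("admin", "administrator"), ("guest", "visitor")])

# Allow-list for what a decoded user name may look like (assumed policy).
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def decode_uname(cookie_value):
    """URL-decode, then strictly base64-decode the cookie value."""
    raw = unquote(cookie_value)            # "YWRtaW4%3D" -> "YWRtaW4="
    try:
        return base64.b64decode(raw, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def lookup_vulnerable(cookie_value):
    """Assumed 'before': the decoded cookie is concatenated into the SQL."""
    name = decode_uname(cookie_value)
    if name is None:
        return []
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def lookup_hardened(cookie_value):
    """'After': allow-list the decoded value and bind it as a parameter."""
    name = decode_uname(cookie_value)
    if name is None or not USERNAME_RE.fullmatch(name):
        return []
    return db.execute("SELECT name, role FROM users WHERE name = ?",
                      (name,)).fetchall()


def encode(value):
    """Demo helper: base64-encode a value the way the cookie carries it."""
    return base64.b64encode(value.encode()).decode()
```

Base64 only changes how the value is transported, so quotes inside it reach the query untouched unless the value is bound as a parameter. A stronger design keeps the user identity in a server-side session instead of a cookie the client can rewrite.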
