Shulou(Shulou.com)06/01 Report--

Preface of 0x00

Recently, when I did the * * test, I found that there were no big pits and there were many small pits. All the errors were caused by something wrong with the details. Today, I encountered another small problem. It took me some time to debug before I found that it was a coding problem. So the details determine the success or failure.

0x01 problem

The author encountered an injection while doing a safety test, and SQLMAP also successfully ran out of the injection.

However, when the author uses the browser for manual injection detection, it is found that there is no injection.

With the mentality of solving the problem, use sqlmap-v 5 to view the information of the specific packets sent.

Sqlmap-u "xxxxxxx/xxxx?aaa=xxxx"-v 5

The author was suddenly attracted by% 25 and immediately realized that% will not be transmitted as% when transmitted in the browser, while the url code value of% is% 25.

Test the browser again and replace% with% 25

0x02 summary

Details. Details determine success or failure, the problem itself is quite retarded.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.