文章目录
- [ZJCTF 2019]NiZhuanSiWei
- [CISCN2019 华北赛区 Day2 Web1]Hack World
- [网鼎杯 2018]Fakebook
- [极客大挑战 2019]HardSQL
- [GXYCTF2019]BabySQli
- [BJDCTF 2nd]fake google
- [网鼎杯 2020 青龙组]AreUSerialz
[ZJCTF 2019]NiZhuanSiWei
简简单单对于伪协议的使用,第一步读取useless发现要反序列化
![[BUUCTF]第八天训练日记_反序列化](/i/li/?n=2&i=images/blog/202210/26153553_6358e3592ddf446491.png?,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
![[BUUCTF]第八天训练日记_极客_02](/i/li/?n=2&i=images/blog/202210/26153553_6358e359780b6720.png?,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
芜湖报错,
![[BUUCTF]第八天训练日记_极客_03](/i/li/?n=2&i=images/blog/202210/26153553_6358e359f35ac87559.png?,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
原来在这里hhh
![[BUUCTF]第八天训练日记_sql_04](/i/li/?n=2&i=images/blog/202210/26153554_6358e35a7fa2343476.png?,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
[CISCN2019 华北赛区 Day2 Web1]Hack World
挺简单的一道题
![[BUUCTF]第八天训练日记_反序列化_05](/i/li/?n=2&i=images/blog/202210/26153554_6358e35ad664881046.png?,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
![[BUUCTF]第八天训练日记_反序列化_06](/i/li/?n=2&i=images/blog/202210/26153555_6358e35b443b948462.png?,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
[网鼎杯 2018]Fakebook
发现可以报错注入
![[BUUCTF]第八天训练日记_极客_07](/i/li/?n=2&i=images/blog/202210/26153555_6358e35bc076428159.png?,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
啊这,我想起来了,这道题有源码泄露/user.php.bak
![[BUUCTF]第八天训练日记_sql_08](/i/li/?n=2&i=images/blog/202210/26153556_6358e35c0889b49983.png?,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
![[BUUCTF]第八天训练日记_极客_09](/i/li/?n=2&i=images/blog/202210/26153556_6358e35c377a645766.png?,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
![[BUUCTF]第八天训练日记_反序列化_10](/i/li/?n=2&i=images/blog/202210/26153556_6358e35c9c7a855621.png?,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
[极客大挑战 2019]HardSQL
报错注入的应用
![[BUUCTF]第八天训练日记_极客_11](/i/li/?n=2&i=images/blog/202210/26153557_6358e35d50d3029396.png?,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
[GXYCTF2019]BabySQli
md5绕过,原题提示了,然后利用联合查询生成空表
![[BUUCTF]第八天训练日记_sql_12](/i/li/?n=2&i=images/blog/202210/26153557_6358e35d859b088412.png?,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
[BJDCTF 2nd]fake google
常规SSTI注入
![[BUUCTF]第八天训练日记_极客_13](/i/li/?n=2&i=images/blog/202210/26153557_6358e35de119e11526.png?,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")
[网鼎杯 2020 青龙组]AreUSerialz
![[BUUCTF]第八天训练日记_极客_14](/i/li/?n=2&i=images/blog/202210/26153558_6358e35e7ba2575383.png?,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184 "在这里插入图片描述")