原题描述:
Message: I have been informed that you have quite admirable hacking skills. Well, this racist hate group is using their website to organize a mass gathering of ignorant racist bastards. We cannot allow such bigoted aggression to happen. If you can gain access to their administrator page and post messages to their main page, we would be eternally grateful.
目标链接:https://www.hackthissite.org/missions/realistic/2/
题解:
step1:目标链接最下方有一个横线(火狐里可以看见),发现可以点击,进去后发现是登录界面,即登录后台的入口
step2:sql注入
猜测该网页判断用户名密码的sql语句为select * from table where username=’…’ and password=’…’ (… 即为用户输入),因此 可通过 或运算 使where恒真,即在username栏输入’ or 1=1–
解释: 单引号’ 为了补全原sql中的前一个引号,or 1=1 使得此语句恒真,–是为了把 ’ and password=’…’ 给注释掉
版权声明:本文为zyl_wjl_1413原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。