Hello guys, today I will show you some interesting stuffs . 👨
I am training for CTF competition which will be held by my school . And I decided to play with VulnHub.
Let's get started !
- GATHERING INFORMATION :
+Nmap
Hello guys, today I will show you some interesting stuffs . 👨
I am training for CTF competition which will be held by my school . And I decided to play with VulnHub.
Let's get started !
- GATHERING INFORMATION :
+Nmap
A loose comparison is one performed using two equals signs (==
).It follows suit with the “best-guess” approach, which can lead to some unexpected results.
TAKE A LOOK INTO THIS TABLE$row=@mysql_fetch_array(mysql_query("select * from admin_password where password='".md5($ps,true)."'"));OFCORSE WE DONT HAVE IDEA ABOUT PASSWORD , SO WE MUST FIND A WAY TO BYPASS THIS QUERY BY SQL INJECTION !
http://23.96.47.130/web1/chưa học PHP , nên tất cả chỉ là đoán . Nhìn vào hàm echo , có thể thấy có 2 trường hợp trả về : "good!go on" và "a match was not found" . ok .Nhìn thấy phương thức GET . ta sẽ làm việc với biến Cat trên URL sao cho nó trả về 1 trong 2 kết quả trên . :v