HTB-Appointment-Startingpoint




Basic port scan (nmap output screenshot omitted).

  1. What does the acronym SQL stand for?

Structured Query Language

  2. What is one of the most common types of SQL vulnerabilities?

SQL Injection

  3. What is the 2021 OWASP Top 10 classification for this vulnerability?

A03:2021-Injection (you need to look this one up yourself)

  4. What does Nmap report as the service and version that are running on port 80 of the target?

Apache httpd 2.4.38 ((Debian))

nmap finds this with -sV

  5. What is the standard port used for the HTTPS protocol?

443

  6. What is a folder called in web-application terminology?

directory

  7. What HTTP response code is given for 'Not Found' errors?

404

  8. Gobuster is one tool used to brute force directories on a webserver. What switch do we use with Gobuster to specify we're looking to discover directories, and not subdomains?

dir

  9. What single character can be used to comment out the rest of a line in MySQL?

#

The login page builds its SQL query from the submitted form fields; the source is as follows:

 <?php
 // Start the session so $_SESSION can be used below
 session_start();

 // Connect to the MySQL database
 mysql_connect("localhost", "db_username", "db_password");

 // Select the database
 mysql_select_db("users");

 // Read the username and password submitted by the user
 $username = $_POST['username'];
 $password = $_POST['password'];

 // Build the SQL query by interpolating the raw user input (this is the injection point)
 $sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";

 // Execute the query and store the result in $result
 $result = mysql_query($sql);

 // Count the rows in the result set
 $count = mysql_num_rows($result);

 // Check whether exactly one user matched
 if ($count == 1) {
     // Create the session and store the username and password
     $_SESSION['username'] = $username;
     $_SESSION['password'] = $password;

     // Redirect to the home page
     header("location:home.php");
 } else {
     // Login failed, redirect back to the login page
     header("location:login.php");
 }
 ?>

If we enter admin'# as the username, the closing quote ends the username literal and # comments out the rest of the statement, so the password check is never evaluated and the login succeeds.
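To show why the comment trick works and how parameter binding stops it, here is an added example that is not part of the original write-up. It reproduces the PHP page's string-built query in Python against a constructed SQLite users table (SQLite runs offline; its line comment is `--`, whereas the target's MySQL accepts `#` as well), and compares it with a parameterised query where the same payload is treated as plain data.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the target's "users" table; the password is a placeholder
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "PLACEHOLDER-PASSWORD"), ("guest", "guest")])
    return conn

def build_vulnerable_query(username, password):
    # Same interpolation as the PHP login page: input becomes part of the SQL text
    return f"SELECT * FROM users WHERE username='{username}' AND password='{password}'"

def vulnerable_login(conn, username, password):
    rows = conn.execute(build_vulnerable_query(username, password)).fetchall()
    return len(rows) == 1  # mirrors the PHP `if ($count == 1)`

def safe_login(conn, username, password):
    # Parameter binding: values travel separately from the SQL text, so a quote
    # or comment marker inside the input stays inside the string literal.
    rows = conn.execute(
        "SELECT * FROM users WHERE username=? AND password=?",
        (username, password),
    ).fetchall()
    return len(rows) == 1

def demo():
    conn = make_db()
    return {
        "normal_login": vulnerable_login(conn, "admin", "PLACEHOLDER-PASSWORD"),
        # admin'-- closes the literal and comments out the password check (SQLite form of admin'#)
        "vulnerable_bypass": vulnerable_login(conn, "admin'--", "anything"),
        "safe_with_sqlite_payload": safe_login(conn, "admin'--", "anything"),
        "safe_with_mysql_payload": safe_login(conn, "admin'#", "anything"),
    }

if __name__ == "__main__":
    print(build_vulnerable_query("admin'#", "x"))
    print(demo())
```

The fixed PHP equivalent is a PDO prepared statement plus `password_verify()` against a stored hash, rather than comparing a plaintext password column.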

Once logged in, the page displays the flag.

