端口扫描
nmap -sV 10.129.24.207
页面为登录页面,根据提示为SQL注入,尝试用 ' or 1=1;# 测试
admin
1' or 1=1;#
-
Task 1
What does the acronym SQL stand for?Structured Query Language -
Task 2
What is one of the most common type of SQL vulnerabilities?sql injection -
Task 3
What does PII stand for?personally identifiable information -
Task 4
What is the 2021 OWASP Top 10 classification for this vulnerability?A03:2021-Injection -
Task 5
What does Nmap report as the service and version that are running on port 80 of the target?Apache httpd 2.4.38 ((Debian)) -
Task 6
What is the standard port used for the HTTPS protocol?443 -
Task 7
What is a folder called in web-application terminology?directory -
Task 8
What is the HTTP response code is given for 'Not Found' errors?404 -
Task 9
Gobuster is one tool used to brute force directories on a webserver. What switch do we use with Gobuster to specify we're looking to discover directories, and not subdomains?dir -
Task 10
What single character can be used to comment out the rest of a line in MySQL?# -
Task 11
If user input is not handled carefully, it could be interpreted as a comment. Use a comment to login as admin without knowing the password. What is the first word on the webpage returned?Congratulations