SQL注入 响应包有如下数据 返回数据包有set-cookie,但是这种ctf要什么cookie呢,看别人wp,cookie是注入点。 bp抓包扔进sqlmap×,因为是gopher协议带进去注入,所以再用一次ssrf脚本√.带上cookie importurllib.parseimportrequestsimporttimeimportbase64 host ="127.0.0.1
[224星][1m] [Ruby] zt2/sqli-hunter SQLi-Hunter is a simple HTTP proxy server and a SQLMAP API wrapper that makes digging SQLi easy. [216星][1y] [PHP] softius/php-cross-domain-proxy PHP Proxy for Cross Domain Requests [213星][8m] [Go] joncooperworks/judas a phishing proxy [207星...
[1224星][1m] [Py] codingo/nosqlmap Automated NoSQL database enumeration and web application exploitation tool. [1199星][11m] [C] blechschmidt/massdns A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration) [1108星][t] [Py] sundowndev/phoneinfoga Advan...
[381星][1y] [Py] rhinosecuritylabs/sleuthql Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap. [378星][3m] [Java] nccgroup/autorepeater Automated HTTP Request Repeating With Burp Suite [366星][13d] [Java] portswigger/http-reque...
[381星][1y] [Py] rhinosecuritylabs/sleuthql Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap. [378星][3m] [Java] nccgroup/autorepeater Automated HTTP Request Repeating With Burp Suite [366星][13d] [Java] portswigger/http-reque...
[1224星][1m] [Py] codingo/nosqlmap Automated NoSQL database enumeration and web application exploitation tool. [1199星][11m] [C] blechschmidt/massdns A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration) [1108星][t] [Py] sundowndev/phoneinfoga Advan...
[381星][1y] [Py] rhinosecuritylabs/sleuthql Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap. [378星][3m] [Java] nccgroup/autorepeater Automated HTTP Request Repeating With Burp Suite [366星][13d] [Java] portswigger/http-reque...