SQL 注入（SQL Injection）是发生在 Web 程序中数据库层的安全漏洞，是网站存在最多也是最简单的漏洞。主要原因是程序对用户输入数据的合法性没有判断和处理，导致攻击者可以在 Web 应用程序中事先定义好的 SQL 语句中添加额外的 SQL 语句，在管理员不知情的情况下实现非法操作，以此来实现欺骗数据库服务器执行非授权的任意查询，从而进一步获取到数据信息。

1.像往常一样还是nmap起手

nmap -T4 -A -v <IP>

2.终于碰见web了直接冲吖

3.起手给个登录框不是弱口令就是sql注入，先爆破一波再说

爆破没结果，那应该就是sql注入了冲鸭~

4.采用万能密码尝试是否可以登录

登录成功，且拿到了flag

5.问题及答案

1: What does the acronym SQL stand for?
-> Structured Query Language
2: What is one of the most common types of SQL vulnerabilities?
-> SQL injection
3: What does PII stand for?
-> Personally Identifiable Informatio
4: What does the OWASP Top 10 list name the classification for this vulnerability?
-> A03:2021-Injection
5: What service and version are running on port 80 of the target?
-> Apache httpd 2.4.38 ((Debian))
6: What is the standard port used for the HTTPS protocol?
-> 443
7: What is one luck-based method of exploiting login pages?
-> brute-forcing
8: What is a folder called in web application terminology?
-> directory
9: What response code is given for "Not Found" errors?
-> 404
10: What switch do we use with Gobuster to specify we're looking to discover directories and not subdomains?
-> dir
11: What symbol do we use to comment out parts of the code?
-> #