You need to walk before you can run
TASK 1 What does the acronym SQL stand for?
SQL stands for: Structured Query Language
TASK 2 What is one of the most common type of SQL vulnerabilities?
One of the most common SQL vulnerabilities is: SQL Injection
TASK 3 What does PII stand for?
PII stands for: Personally Identifiable Information
TASK 4 What does the OWASP Top 10 list name the classification for this vulnerability?
The OWASP Top 10 classifies this vulnerability (SQL injection) as: A03:2021-Injection
TASK 5 What service and version are running on port 80 of the target?
The service and version running on port 80 of the target: Apache httpd 2.4.38 ((Debian))
TASK 6 What is the standard port used for the HTTPS protocol?
The standard port for HTTPS is: 443
TASK 7 What is one luck-based method of exploiting login pages?
A luck-based method of exploiting login pages is: brute-forcing
TASK 8 What is a folder called in web-application terminology?
In web-application terminology a folder is called a: directory
TASK 9 What response code is given for “Not Found” errors?
The response code for "Not Found" is: 404
TASK 10 What switch do we use with Gobuster to specify we’re looking to discover directories, and not subdomains?
The Gobuster switch that tells it to look for directories rather than subdomains is: dir
TASK 11 What symbol do we use to comment out parts of the code?
The symbol used to comment out the rest of the query (MySQL syntax): #
Submit root flag
1. Browse straight to the target IP; a login page is shown.
2. Bypass the login with a classic "universal password" injection; the login succeeds and the flag is displayed.
username: 1' or 1=1#
password: anything
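As an added example (not part of the original write-up), the Python script below shows why that payload works and how the same login survives it once the query is parameterised. The users table, the account names and the stand-in sqlite3 backend are all constructed for illustration; the room itself runs MySQL, where `#` starts a comment, whereas sqlite3 only understands `--`, so the executable part of the demo uses `-- ` as the terminator and `build_query` shows the exact MySQL-style string the page's payload produces.

```python
import sqlite3

# Constructed sample accounts (not from the room); the first row is what a
# bypassed login will hand back, because the injected WHERE clause matches
# every user and the app takes the first match.
SEED_USERS = [("admin", "correct-horse"), ("martin", "battery-staple")]


def make_db():
    """In-memory sqlite3 database standing in for the target's MySQL server."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    con.executemany("INSERT INTO users (username, password) VALUES (?, ?)", SEED_USERS)
    return con


def build_query(username, password):
    """The vulnerable pattern: user input concatenated straight into SQL.

    With username = "1' or 1=1#" the result is
        ... WHERE username = '1' or 1=1#' AND password = '...'
    In MySQL everything after '#' is a comment, so the password check vanishes
    and 'or 1=1' makes the WHERE clause true for every row.
    """
    return (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )


def vulnerable_login(con, username, password):
    """Runs the concatenated query; returns the username logged in as, or None."""
    row = con.execute(build_query(username, password)).fetchone()
    return row[0] if row else None


def safe_login(con, username, password):
    """Same check with bound parameters: the quote in the payload stays data,
    so the injected 'or 1=1' is compared as a literal username and matches nothing."""
    row = con.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def demo():
    """Returns what each login function does with the bypass payload.

    sqlite3 has no '#' comment, so the executable payload ends in '-- ' (the
    SQL-standard comment, which MySQL also accepts). Against MySQL the page's
    '1'' or 1=1#' behaves identically.
    """
    con = make_db()
    payload = "1' or 1=1-- "
    return {
        "mysql_style_query": build_query("1' or 1=1#", "anything"),
        "vulnerable": vulnerable_login(con, payload, "anything"),
        "safe": safe_login(con, payload, "anything"),
        "safe_with_real_creds": safe_login(con, "admin", "correct-horse"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The comment terminator is dialect-specific: `#` and `-- ` (with the trailing space) work on MySQL, only `-- ` on SQLite and PostgreSQL. When a payload that "should" work fails, that is the first thing to vary.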