sqli-Labs————less-42
Less-42
原始碼分析:
在login.php檔案中,我們可以發現以下內容:
從上面所指的程式碼部分我們可以發現,對使用者輸入的密碼沒有經過任何的處理操作,因此在登入的時候可以用於注入。
payload:
username:admin(隨意)
password:aaa';creat table me like users#(建立表hps)
登入之前的四張表:
登入之後:
這算是一個堆疊注入的一個應用吧!
相關文章
- less-12 in sqli-labsSQL
- sqli-labs(54-65)SQL
- sqli-labs————Less-52SQL
- sqli-labs————Less-53SQL
- sqli-labs————Less-55SQL
- sqli-labs————Less-56SQL
- sqli-labs————Less-57SQL
- sqli-labs————Less-58SQL
- sqli-labs————Less-59SQL
- sqli-labs————Less-28SQL
- sqli-labs————less-28aSQL
- sqli-labs————Less-29SQL
- sqli-labs————Less-30SQL
- sqli-labs————Less-31SQL
- sqli-labs————Less-32SQL
- sqli-labs————Less-33SQL
- sqli-Labs————less-35SQL
- sqli-Labs————less-36SQL
- sqli-Labs————less-37SQL
- sqli-Labs————less-38SQL
- sqli-Labs————less-39SQL
- sqli-Labs————less-40SQL
- sqli-Labs————less-41SQL
- sqli-Labs————less-43SQL
- sqli-Labs————less-44SQL
- sqli-Labs————less-45SQL
- sqli-labs————Less-48SQL
- sqli-labs————Less-49SQL
- sqli-labs————Less-51SQL
- Sqli-labs 部落格目錄SQL
- sqli-labs————Less-60-65SQL
- sqli-labs ————less -26aSQL
- Sqli-Labs:Less2-Less4SQL
- 玩一玩sqli-labs靶場SQL
- sqli-labs第二關 詳解SQL
- Sqli-labs之Less1-10SQL
- sqli-labs 第25關(過濾or和AND )SQL
- sqli-labs————Less-26(繞空格、/*、#等)SQL