sqli-labs (less-65)

Open level 65 and try the id parameter plain, with a single quote, and with a double quote:

http://127.0.0.1/sql1/Less-65/?id=1

http://127.0.0.1/sql1/Less-65/?id=1'

http://127.0.0.1/sql1/Less-65/?id=1"


None of these shows any error message, so this is once again the dreaded Boolean blind injection.

http://127.0.0.1/sql1/Less-65/?id=1"--+ # page responds abnormally
http://127.0.0.1/sql1/Less-65/?id=1")--+ # page responds normally


I will not repeat the next steps here; see my less-5 write-up for the full process.
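To make the Boolean-blind behaviour above concrete from the defender's side, here is an added example (not code from this page or from sqli-labs) in Python with an in-memory SQLite table. The lab's query wraps the id in double quote plus parenthesis, `("...")`; because SQLite treats double quotes as identifiers, the example uses `('...')`, which has the same closing structure, so the probes below use `'` where the walkthrough uses `"`. `lookup_vulnerable` pastes the parameter into the SQL text and hides errors, so the only signal a client gets is whether a row was rendered, which is exactly the oracle a Boolean blind injection relies on; `lookup_safe` enforces the expected type and binds a parameter, so the same inputs can no longer change the statement's structure. The table contents and function names are constructed for the example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data standing in for the lab's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "pw-alice"), ("bob", "pw-bob")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, raw_id: str) -> bool:
    """Mirrors the lab's pattern: the parameter is pasted into the SQL text and
    wrapped in quote-plus-parenthesis. Errors are swallowed, so the caller only
    learns whether a row came back: that is the Boolean-blind oracle."""
    sql = f"SELECT username FROM users WHERE id=('{raw_id}') LIMIT 1"
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error:
        return False          # broken query -> page responds "abnormally"
    return row is not None    # row rendered -> page responds "normally"


def lookup_safe(conn: sqlite3.Connection, raw_id: str) -> bool:
    """Hardened form: validate the expected type, then bind a parameter so the
    value is data only and can never alter the statement's structure."""
    try:
        id_value = int(raw_id)
    except ValueError:
        return False          # not an id at all; render the same "not found" page
    row = conn.execute(
        "SELECT username FROM users WHERE id=? LIMIT 1", (id_value,)
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    # The probes from the walkthrough, with ' in place of " (see lead-in).
    for probe in ("1", "1'", "1'-- ", "1')-- "):
        print(
            f"{probe!r:12} vulnerable={lookup_vulnerable(db, probe)!s:5} "
            f"safe={lookup_safe(db, probe)}"
        )
```

Running it shows the pattern the walkthrough describes: `1'` and `1'-- ` break the vulnerable query (abnormal page), while `1')-- ` closes the quote and parenthesis and the page renders normally again. Against `lookup_safe`, every probe except a plain integer simply returns "not found", so the two responses no longer leak anything about the query's structure.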

Sqli-labs knowledge summary

sqli-labs is an open-source SQL injection practice lab and a very valuable one. It covers essentially every SQL injection technique: union injection, Boolean blind injection, error-based injection, time-based blind injection, stacked-query injection, POST injection, cookie injection, UA injection, Referer injection, base64 injection, and more. It is a very powerful practice environment.

Don't be afraid when you encounter Boolean blind or time-based blind injection. Both are tedious, but we can use Burp Suite to capture requests and brute-force the guessing, or write Python scripts to automate it (which requires solid programming skills), or use the sqlmap automation tool to guess. sqlmap is a very powerful SQL injection tool, but a tool is still only a tool; it can only serve as an auxiliary means. Manual injection must be the main method and the tool the supplement. Once we understand manual injection well enough, doing it by hand is even faster than using a tool.

SQL injection can also be combined with a one-line webshell (a "one-sentence Trojan") to obtain a webshell on the site, or used to download local files. SQL injection is very harmful, so in future development we must guard against it.

When a site is vulnerable to several injection methods, the order of preference must be union injection > error-based injection > Boolean blind injection > time-based blind injection. If stacked-query injection is also possible, it can be used as well.

The general methods of bypassing a WAF include:
Case bypass.
Double-writing bypass.
URL-encoding bypass.
Inline (version) comment bypass, e.g. /*!and*/.
Replacement: if and is filtered it can be replaced with &&, and or with ||.
Spaces: if spaces are filtered, URL-encoded alternatives such as %a0 or %0b can be used instead.
MySQL blank characters: %09, %0A, %0B, %0D, %20.
MySQL special syntax: select {x schema_name} from {x information_schema.schemata}
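Read from the defender's side, the list above is a catalogue of why a keyword blacklist applied to the raw request text is not a control. The following added Python example (not from this page and not from any WAF product) shows a small normalizer that undoes the listed evasions before matching: URL decoding (repeated, so double encoding is covered), version comments `/*!...*/` and plain comments, case folding, MySQL's whitespace alternatives including 0xA0, and the `&&`/`||` replacements. It also shows why a "sanitizer" that deletes a keyword once is defeated by double writing. The request samples, keyword list and function names are constructed for the example; this is detection support only, and the real fix remains parameterized queries.

```python
import re
from urllib.parse import unquote

# Keywords the toy detector looks for; constructed for the example.
KEYWORD_RE = re.compile(r"\b(select|union|and|or)\b")

# MySQL whitespace alternatives from the list above (%09 %0A %0B %0D %20) plus %a0.
WS_RE = re.compile(r"[\t\n\x0b\r \xa0]+")
VERSION_COMMENT_RE = re.compile(r"/\*!\d*(.*?)\*/", re.S)   # /*!50000and*/ -> and
PLAIN_COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)            # un/**/ion -> un ion


def normalize(raw: str) -> str:
    """Canonicalise a request parameter so the listed evasions collapse onto
    the plain keyword form before any matching is attempted."""
    s = raw
    for _ in range(3):                      # repeated decode covers double encoding
        decoded = unquote(s, encoding="latin-1")   # latin-1 keeps %a0 as one char
        if decoded == s:
            break
        s = decoded
    s = VERSION_COMMENT_RE.sub(r" \1 ", s)  # keep what the server would execute
    s = PLAIN_COMMENT_RE.sub(" ", s)        # a comment acts as a separator in MySQL
    s = s.lower()                           # case bypass
    s = s.replace("&&", " and ").replace("||", " or ")   # operator replacement
    s = WS_RE.sub(" ", s)                   # whitespace bypass
    return s.strip()


def naive_flag(raw: str) -> bool:
    """A blacklist applied to the raw text: what the listed bypasses defeat."""
    return KEYWORD_RE.search(raw) is not None


def flag(raw: str) -> bool:
    """The same blacklist applied after normalisation."""
    return KEYWORD_RE.search(normalize(raw)) is not None


def delete_once_filter(raw: str) -> str:
    """An unsafe 'sanitizer' that removes each keyword once. Double writing
    leaves a live keyword behind, so deletion is not a defence."""
    s = raw
    for kw in ("select", "union"):
        s = s.replace(kw, "")
    return s


# Constructed request samples, one per evasion from the list above.
SAMPLES = {
    "case":            '1") UnIoN SeLeCt 1,2,3--+',
    "url-encoding":    '1")%20%55NION%20SELECT%201,2,3--+',
    "version-comment": '1")/*!50000and*/1=1--+',
    "ws+operator":     '1")%09%26%261=1--+',
    "benign":          "42",
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(
            f"{name:16} raw-match={naive_flag(sample)!s:5} "
            f"normalized-match={flag(sample)!s:5} -> {normalize(sample)!r}"
        )
    print("double-write:", delete_once_filter("ununionion"))
```

Each constructed sample slips past `naive_flag` and is caught by `flag` after normalisation, and `delete_once_filter("ununionion")` returns `union`, which is the double-writing bypass seen from the filter's side. The design point is that any string-level defence has to canonicalise to the form the database will actually parse, and even then it only reduces exposure; binding parameters removes the problem rather than filtering it.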

Origin blog.csdn.net/kukudeshuo/article/details/114858408