[Knowledge accumulation] SQL injection exp writing ideas

Language 2023-04-09 22:41:03 views: null

0x00 writing ideas

Test SQL injection, obtain account number and password through injection, and be familiar with the principle and method of SQL injection; modules to be used: request module and re regular module
, disadvantage: only applicable to get request injection

lab environment

dvwa, account password: gordonb/abc123; admin/password 1337/charley
Enter the vulnerability environment and set the level of dvwa to low
image-20211217090421585

Detect if there is sql injection

Add single quotes ' If an error is reported, it may exist

Come to the SQL Injection interface

image-20211217090537846

Enter ' to report an error. There is an error injection

Any characters that appear after the first # will be interpreted by the browser as a location identifier. This means that none of these characters will be sent to the server, so encode # before submitting

Write an exp that detects whether there is an error injection

def pdzr

Guess you like

Origin blog.csdn.net/qq_53577336/article/details/124215904
Recommended
The United States plans to restrict the export of large AI models to China and Russia
Apple to reach agreement with OpenAI to bring ChatGPT to iPhone
Ranking
whisper-webui installation tutorial is silky and easy to use
[Base] Laravel concepts laravel basis, the custom service provider: Contracts, ServiceContainer, ServiceProvider, Facades relations
Import torchvision error problem solving DLL: module not found
observer & watch & notify = pub & sub
A small turntable program [HTML + CSS + JS]
CorelDRAW 2018 shortcuts Daquan
Supervise el botón de menú para lograr un gatillo de presión prolongada
JS将时间秒转换成天小时分钟秒的字符串
RIP basic configuration
[Deleted] solution to a problem a few questions (Noip1994)
Daily
More
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)

Code World

© 2018 codetd.com