[Knowledge accumulation] SQL injection exp writing ideas

0x00 writing ideas

Test for SQL injection, obtain the account names and passwords through injection, and become familiar with the principle and method of SQL injection. Modules used: the requests module and the re (regular expression) module. Disadvantage: only applicable to injection through GET requests.

lab environment

DVWA; accounts (user/password): gordonb/abc123; admin/password; 1337/charley
Log in to the vulnerable environment and set the DVWA security level to low.

Detect whether SQL injection exists

Append a single quote ' to the parameter. If an error is reported, an injection point may exist.

Go to the SQL Injection page


Entering ' returns an error, so error-based injection is present.

Any characters that appear after the first # are interpreted by the browser as a fragment (location) identifier. This means that none of these characters are sent to the server, so URL-encode # before submitting.

Write an exp that detects whether error-based injection is present

def pdzr
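An added example, not the original post's code: it shows what the server actually receives when # is left unencoded versus encoded, and how the re module can flag a database syntax error in a response body. The host name, the function names and the two response bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlencode, urlsplit

# Assumed lab address for DVWA's SQL Injection page (hypothetical host name).
BASE = "http://dvwa.lab.example/vulnerabilities/sqli/"

# Syntax-error text produced by MySQL/MariaDB when a stray quote breaks the query.
SQL_ERROR = re.compile(
    r"You have an error in your SQL syntax|"
    r"check the manual that corresponds to your (MySQL|MariaDB) server version",
    re.IGNORECASE,
)

def build_url(value, encode=True):
    """Build the GET URL for the id parameter, with or without URL-encoding."""
    if encode:
        return BASE + "?" + urlencode({"id": value, "Submit": "Submit"})
    return f"{BASE}?id={value}&Submit=Submit"

def sent_query(url):
    """Return the query string that reaches the server.
    Everything after the first raw '#' is the fragment and stays in the client."""
    return urlsplit(url).query

def has_sql_error(body):
    """True when the response body contains a database syntax error message."""
    return SQL_ERROR.search(body) is not None

# Constructed response bodies, modelled on a normal result and an error page.
NORMAL_BODY = "<pre>ID: 1<br />First name: admin<br />Surname: admin</pre>"
ERROR_BODY = ("<pre>You have an error in your SQL syntax; check the manual that "
              "corresponds to your MariaDB server version for the right syntax "
              "to use near ''''' at line 1</pre>")

if __name__ == "__main__":
    for encode in (False, True):
        url = build_url("1'#", encode)
        print(f"encode={encode!s:5} server sees: {sent_query(url)}")
    print("normal body flagged:", has_sql_error(NORMAL_BODY))
    print("error body flagged: ", has_sql_error(ERROR_BODY))
```

In the lab, `body` would be the text of the response to the GET request built by `build_url`.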


Origin blog.csdn.net/qq_53577336/article/details/124215904