POST injection - double query injection

Less-11

Double query injection (following the Bilibili video https://www.bilibili.com/video/av77851975?t=26&p=7 )

1. First, type something into the login form and capture the request.

We can see the error message.

 

This time we add a single quote and then analyze the error statement the backend produces.

We can only see the syntax error for passwd, not for uname. Our original intention was to add a single quote to uname and look at its syntax error.

So add a double quote and see what happens.

This time the backend error comes out.

 

Now try to make it not error: close the single quote with admin'#

No error is shown.

Then use order by to test the number of columns (binary search).

The result is 2.

Then query with union select.

We find that the page shows neither the queried content nor an error, so we cannot get the data we want through echoed output.

So we need a new method!

The first step is the place where the error was returned to us.

Since the idea is to make it throw an error, we can expose sensitive information through the syntax error message.

That is what double query injection does (i.e. an injection that uses two selects).
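The whole technique depends on two defects in the login handler: the username is pasted into the SQL string as text, and whatever the database says about a broken query is echoed back to the browser. The added example below is not from the post or from sqli-labs; it is a small Python/SQLite stand-in (the real target is MySQL) with a constructed users table. It shows the injectable way of building the query next to a hardened version that binds the input as a parameter and never returns database error text to the client. Because `#` is not a comment character in SQLite, the page's `admin'#` input produces a syntax error there too, which is enough to show the difference between leaking the error and suppressing it.

```python
import sqlite3

# Constructed sample data: a tiny stand-in for the sqli-labs users table.
SAMPLE_USERS = [("Dumb", "Dumb"), ("admin", "admin")]


def make_db():
    """Build an in-memory SQLite database with the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)", SAMPLE_USERS
    )
    conn.commit()
    return conn


def vulnerable_query(uname, passwd):
    """How the injectable login builds its SQL: plain string concatenation.
    A quote in the input ends the string literal and the rest is parsed as SQL."""
    return (
        "SELECT username, password FROM users "
        f"WHERE username='{uname}' AND password='{passwd}' LIMIT 0,1"
    )


def vulnerable_login(conn, uname, passwd):
    """Runs the concatenated query and, on failure, hands the raw database
    error to the client. That echoed error is what error-based injection reads."""
    try:
        row = conn.execute(vulnerable_query(uname, passwd)).fetchone()
    except sqlite3.Error as exc:
        return {"ok": False, "message": f"Database error: {exc}"}
    if row is None:
        return {"ok": False, "message": "Login failed"}
    return {"ok": True, "message": f"Welcome {row[0]}"}


def hardened_login(conn, uname, passwd):
    """Parameterised lookup: the input is bound as data and never parsed as SQL,
    so admin'# is just a username that does not exist. Database errors are
    written to the server log only; the client always gets the same generic
    message, leaving an error-based technique nothing to read."""
    try:
        row = conn.execute(
            "SELECT username FROM users WHERE username=? AND password=? LIMIT 1",
            (uname, passwd),
        ).fetchone()
    except sqlite3.Error as exc:
        print(f"[server log] database error: {exc}")  # never sent to the client
        return {"ok": False, "message": "Login failed"}
    if row is None:
        return {"ok": False, "message": "Login failed"}
    return {"ok": True, "message": f"Welcome {row[0]}"}


if __name__ == "__main__":
    db = make_db()
    print(vulnerable_query("admin'#", "x"))
    print(vulnerable_login(db, "admin'#", "x"))
    print(hardened_login(db, "admin'#", "x"))
    print(hardened_login(db, "admin", "admin"))
```

Run it and compare the two responses to the same `admin'#` input: the vulnerable handler returns the database's own error text, the hardened one returns only "Login failed". Generic error responses do not replace parameterised queries; they are the second layer, for the case where some other query on the site is still built from strings.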


floor(rand()*2): rand() returns a random value between 0 and 1; multiplied by 2 and rounded down this gives 0 or 1. The purpose is to produce duplicate key values.

count(1) counts the number of rows.

group by means grouping: all rows are grouped according to the given column.

For example, the following counts how many tables each database in mysql has. group by table_schema means grouping by table_schema, and count(1) is the number of rows in each group.

A diagram to demonstrate the principle.

First a temporary table is created and the rows are queried one by one (watch the video for this part).

Why this result?

When the same key value appears twice in a mysql table, you get the error called duplicate entry (because of the key conflict).

Now we use concat.

We can see the version information is concatenated into the key; when the key conflicts, mysql errors on the table and the concatenated value pops out in the error message.

Then we change version() to database(), and the database name comes out.

 

Now write the double query select properly.

group_concat() can be used, but here group_concat() does not work, so we use limit to go line by line (limit was discussed in the earlier post injection article).

 

The first table dumped is emails.

limit 4,1 dumps nothing, which shows there are three tables.

Then dump the columns.

Then dump the column values.

Then look at the id field of the users table.


Origin www.cnblogs.com/cat47/p/12528841.html