SQL injection 2

Blind note

What should we do when our injection statement is brought into the database query but nothing is returned ？ for example

Boolean type sql Blind note
substr() function
substr(string,start,length)
string( It's necessary ) Specifies that a part of the string to be returned .start( It's necessary ) Specify where to start the string .length( Optional ) Specifies the length of the returned string .


The following results 1 It's true ,0 For false






Manual blind injection is usually not used in actual operation , have access to sqlmap And other tools to increase the efficiency of blind Injection .

Time type sql Blind note
Enter last vince’ and ascii(substr(database(),1,1))=112#, The returned information finds that there is no injection point . Then you can't inject ？ But in fact, it can be injected through the execution time of the back end .



Then you can use tools to measure

Wide byte Injection

Premise ：mysql The coding set of is gbk And magic quotation mark escape is checked