当前位置:网站首页>Zhangxiaobai's way of penetration (VIII) - detailed operation steps of SQL injection - Boolean blind injection of blind injection

Zhangxiaobai's way of penetration (VIII) - detailed operation steps of SQL injection - Boolean blind injection of blind injection

2022-06-25 12:33:00 Litbai_ zhang

Boolean SQL Blind note

Bull's blind note , seeing the name of a thing one thinks of its function , It is a technique of blind injection using logical judgment .
Simply put, we can't see the returned value , We can only crack the database by guessing

Before analyzing an instance , Let's briefly explain the functions to be used

  • left(database(),1)=‘s’ //left function

    explain: left(a,b) Take... From the left a Before b position

  • ascii(substr(database(),1,1))=114 //ascii function ,substr function explain: substr(a,b,c) from b Position start , Intercepting string a Of c length .
    ascii() Convert a character to ascii value .

example

We use it sqli-labs-Less5 To demonstrate
In the initial interface, we will be prompted to enter the parameter Id The numerical
1
The input parameter results are as follows
2 Try entering a symbolic closing statement Insert picture description here
It was found that there was no error , We try to query the number of columns and finally determine that there are 3 Column
4 You can continue to query playload The location of
5
I can't find out , The page has no change compared with the normal interface , At this time, we thought of Boolean blind note ( ok , I read the source code analysis )

We
adopt left function , Guess the database name
6 Keep going through n This operation can finally get the database data you want on the Notepad

ps: you 're right , Boolean blind note is so light

原网站

版权声明
本文为[Litbai_ zhang]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/02/202202200531021557.html

边栏推荐

猜你喜欢

随机推荐