SQLI Labs Series-less-2 detailed article

Source: Internet
Author: User
Tags mysql injection

Just a little episode of this evening, and instantly felt like I was being ridiculed.

SQL Manual injection of this thing, ascetics, if you do not play for a long time, a moment to say, you can only talk about a, sometimes, long-term not write, your construction statement is also very easy to forget, or I will be instant taunt AH ... At least I also played on the network security platform, injection card in the seventh level, I played under Web_for_pentester, Web infiltration target drone 2pentester_ii_i386, these shooting range of side dishes than ...

All right, no, it's time to start pulling this second pass.

Originally thought that tomorrow idle is OK to play, later, I am also busy today is OK, I will continue to play.

The result played half,,, the second one limit is not ....

Think, this Sqli Labs series, I in addition to the first and second details of the whole process to finish, the rest, I only record I am playing around the skill bar, after all, the database is the same, in addition to bypass the posture is not the same, the others are the same, if in the following level, encounter different, I will write in detail.

To the above mentioned two mirrored range, I will also record the process of play, and so on when the time is busy.

OK, don't pull, start the text, but very common, as I began to summarize the details of the MySQL injection ...

First, set the injection environment.

Then, and 1=1 judge.

Return to normal, then start and 1=2 to judge.

Returns an error stating that a false injection can be performed.

Then I started the order by query, and I started with 5,5.

The error is displayed and I start to subtract until the order by 3 is displayed correctly.

This second level is good, also support order by query, unlike the first level, can only be combined to check.

Begins a Union construct statement.

Let it error.

Because I know everything this source code, so only the user and the current library.

Then start guessing all the table names in the Jienku name.

Burst out ...

We continue to select the Users table name.

Start to explode ...

, and then select User, Password.

My wipe, error .... Then I have a good analysis of the next.

I'll go! Table name error, also cross the library ...

Finally, the data came out successfully.

Paste below, the second level of the source code.

OK, this is the end of the second pass, too simple ...

Summarize:

This series, I from this close, only records how to bypass, no longer so detailed, because the next steps are repeated, I will only talk about the front. Well, that's it.

SQLI Labs Series-less-2 detailed article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.