A small episode this evening instantly left me feeling ridiculed.
Manual SQL injection is the kind of thing that, if you have not practiced it for a long time, you can only talk about; after a long stretch without writing any, it is very easy to forget how to construct the statements, otherwise I would not have been taunted on the spot ... At least I have also played on the network security platform, where I am stuck on the seventh injection level, and I have played Web_for_pentester and the web penetration target machine 2pentester_ii_i386; those ranges are small fry compared to ...
All right, enough of that; it is time to start on this second level.
Originally I thought I would play it tomorrow when I am free; later I decided that today works too, so I will keep playing.
As it turned out, I got halfway through ... the second one limit is not ....
For this SQLi Labs series, apart from the first and second levels, where I write up the whole process in detail, I will only record the techniques I use to get through the remaining levels. After all, the database is the same; apart from the bypass techniques differing, everything else is the same. If a later level turns out to be different, I will write it up in detail.
As for the two target images mentioned above, I will also record the process of playing them once I have the time.
OK, enough chatter, on to the main text, though it is all very common, as I have begun summarizing the details of MySQL injection ...
First, set the injection environment.
Then test with `and 1=1`.
The page returns normally, so next test with `and 1=2`.
It returns an error, which shows that injection can be performed.
Then I started the `order by` query, beginning with 5.
An error is displayed, so I count down until `order by 3` displays correctly.
This second level is nice: it also supports `order by` queries, unlike the first level, where only a union query could be used.
Start constructing the union statement.
Make it produce an error.
Because I know this source code well, I only query the user and the current database.
Then start guessing all the table names in that database.
They are dumped out ...
We continue by selecting the users table.
Start dumping ...
Then select User, Password.
Damn, an error .... So I analyzed it carefully.
Whoa! The table name was wrong, and the query was also crossing databases ...
Finally, the data came out successfully.
The source code of the second level is pasted below.
OK, that is the end of the second level; too simple ...
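Why the `and 1=1` / `and 1=2` and `order by` probes above behave as they do, and what closes the hole, as an added example that is not the lab's source code: it swaps the lab's PHP/MySQL for Python with an in-memory SQLite database, and the table contents, `lookup_vulnerable`, `lookup_hardened` and `run` are all constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; three columns, matching the "order by 3" result.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "constructed-1"), (2, "bob", "constructed-2")])
    return db

def lookup_vulnerable(db, raw_id):
    # Numeric context: the value is concatenated without quotes, so anything
    # that follows the number is parsed as part of the SQL statement.
    sql = "SELECT * FROM users WHERE id=" + raw_id + " LIMIT 1"
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return "error: " + type(exc).__name__

def lookup_hardened(db, raw_id):
    # Accept only a short run of ASCII digits, then bind the integer as a
    # parameter so the input can never change the statement's structure.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return "rejected"
    return db.execute("SELECT * FROM users WHERE id=? LIMIT 1",
                      (int(raw_id),)).fetchall()

# The probes described in the walkthrough (hypothetical id parameter values).
PROBES = ["1", "1 and 1=1", "1 and 1=2", "1 order by 3", "1 order by 5"]

def run(lookup):
    db = make_db()
    return {probe: lookup(db, probe) for probe in PROBES}

if __name__ == "__main__":
    for name, fn in (("vulnerable", lookup_vulnerable), ("hardened", lookup_hardened)):
        print(name)
        for probe, result in run(fn).items():
            print(f"  {probe!r:16} -> {result}")
```

In the vulnerable version the true and false conditions give different responses and the column count leaks through the `order by` error; the hardened version gives the same response to every probe that is not a plain integer.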
Summary:
From this level on, this series will only record how to bypass each level, no longer in such detail, because the subsequent steps are repeated; I will only cover the first part. Well, that's it.
SQLI Labs Series-less-2 detailed article