Sqli-labs (10) (Filter comment characters)

Source: Internet
Author: User

Level 23:

This is also a GET-type, string-based, single-quote, error-based SQL injection. Input ?id=1' and the page reports an error.

We continue with the previous routine and first input ?id=1' or '1'='1

The page displays normally, which indicates that SQL injection is very likely present here. Continue by entering ?id=1' or '1'='1'%23

The page unexpectedly reports an error. From the error message we can see that our comment character had no effect: the backend filters comment characters.

In this case, the rest of the SQL statement cannot be cut off with a comment; the only option is to close the quotes. One point to note: in an actual test the number of columns in the table is not known, and ORDER BY cannot be used here. ORDER BY generally sits at the end of the SQL statement, and once a ' is used after the ORDER BY to close the trailing single quote, SQL will ignore the ORDER BY.

For example, we input ?id=1' order by and '1'='1

The page never reports an error, so ORDER BY cannot be used to determine the column count. The only option is to try the column counts one at a time.

Enter the following in turn:

?id=1' union select '1

?id=1' union select 1, '1

?id=1' union select 1, 1, '1

The first two return an error and the last one does not, which indicates that the current query returns three columns.

Knowing that there are three columns, continue with

?id=-1' union select 1, 2, '3

As you can see, the data for columns 2 and 3 is displayed. Since the third column is used to close the trailing single quote, only the second column can be used for the query operation.

Input ?id=-1' union select 1, user(), '3 to query the current user name.

Input ?id=-1' union select 1, (select group_concat(schema_name) from information_schema.schemata), '3
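
The behaviour described above, as an added example that is not code from the original post or from sqli-labs: a lookup that deletes comment characters and then concatenates the value, next to the same lookup with a bound parameter. It assumes an in-memory SQLite table as a stand-in for the lab's MySQL database; the table, its rows, the function names and the exact filter (deleting # and --) are assumptions.

```python
import re
import sqlite3

# Constructed sample data; table and column names are assumptions for this example.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "pw-a"), (2, "bob", "pw-b")])
    return db

def strip_comments(value):
    # Assumed blacklist: delete the comment markers '#' and '--' from the input.
    return re.sub(r"#|--", "", value)

def lookup_filtered(db, raw_id):
    # Weak form: blacklist filter, then string concatenation into the statement.
    sql = ("SELECT id, username, password FROM users WHERE id='"
           + strip_comments(raw_id) + "' LIMIT 0,1")
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        # Mirrors the error page: the stripped '#' leaves a dangling quote.
        return "error: " + str(exc)

def lookup_parameterized(db, raw_id):
    # Hardened form: the value is bound as data and never parsed as SQL.
    sql = "SELECT id, username, password FROM users WHERE id = ? LIMIT 0,1"
    return db.execute(sql, (raw_id,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    # Inputs taken from the walkthrough above (%23 shown URL-decoded as '#').
    for raw in ["1", "1' or '1'='1'#", "-1' union select 1, 2, '3"]:
        print(repr(raw))
        print("  filtered:     ", lookup_filtered(db, raw))
        print("  parameterized:", lookup_parameterized(db, raw))
```

The filtered lookup still returns the injected row for the quote-closing input, while the parameterized lookup returns no rows for it, so removing comment characters is not a substitute for binding the value.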
