Sqli-labs less 24

Less-24

?

Ps: This may have friends and I have encountered the same problem, login success has not changed the password related operations. The main cause of the problem at this point is that the logged-in.php file is incorrect. can be re-downloaded decompression, the main to be covered during the decompression process.

This is a sample of two sequencing injections. The two-time sequencing injection also becomes a storage-type injection, which is to deposit the word Mr. Foo that might cause SQL injection into the database, and when the maliciously constructed character is called again, it is possible to start SQL injection. Two-time sequencing injection ideas:

1. The hacker constructs the data in the form, in the browser or other software submits the HTTP data message request to the service side processing, the submitted data message request may contain the hacker constructs the SQL statement or the command.

2. The server-side application stores the data that the hacker submits, usually in the database, and the primary purpose of the saved data information is to provide the raw input data for the application to perform other functions and respond to the client request.

3. The hacker sends a second request data message to the server that is not the same as the first time.

4. When the server receives a second request from the hacker, in order to process the request, the server queries the data stored in the database and processes it, causing the SQL statements or commands that the hacker constructs in the first request to execute in the server environment.

5. When the server returns the processed result data, the hacker can determine the success of two injection exploits by returning the result data information.

Our step in this example is to register an admin ' #的账号 and then change the password after logging in to the account. The password for the admin is changed at this time.

The SQL statement changes to update users set passwd= "New_pass" WHERE username = ' admin ' # ' and password= ', that is, the update users set PAS is executed Swd= "New_pass" WHERE username = ' admin '

Step Demo:

(1) The initial database is

1. Register Admin ' #账号

2. Note that the admin ' #的用户 appears in the database at this time, and the admin password is 111

3. Login Admin '--and change the password

   ?

4. You can see that the admin password has been modified to Lcamry

Sqli-labs less 24