page-1-less1 error based
- Enter an id value as the prompt asks.
- id=1 and id=2 each return a different page, so the value is passed via GET.
- Initial guess at the statement: select username,password from table where id = input
- Entering id=1 and 1=1 and id=2 and 1=2 returns the same page, so the guess above fails.
- Entering ' or \ returns the error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1' LIMIT 0,1' at line 1
- With \ the error quotes the fragment '1\' LIMIT 0,1, which shows the input is enclosed in single quotes, so the new guess for the SQL statement is select username,password from table where id = 'input'
- Exploitation approach:
  - close the quote
  - comment out the remainder
page-1-less2 error based
- Enter an id as the prompt asks.
- id=1 and id=2 give different pages, so the value is passed via GET.
- Then test and 1=1 and and 1=2: the returned pages differ, which shows there is an injection point.
- Entering id=1\ gives
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\ LIMIT 0,1' at line 1
- So the statement is almost certainly select username,password from table where id = input limit 0,1
page-1-less3 error based
- Enter an id as the prompt asks.
- id=1 and id=2 differ, so the value is passed via GET.
- and 1=1 and and 1=2 give the same page.
- Enter id=2' and id=2\; the \ gives You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''2') LIMIT 0,1' at line 1
- The statement is judged to be select username,password from table where id=('input') limit 0,1
page-1-less4 error based
- Enter an id as the prompt asks.
- id=1 and id=2 differ, so the value is passed via GET.
- and 1=1 and and 1=2 give the same page.
- Enter id=2' and id=2\; the \ gives You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"2") LIMIT 0,1' at line 1
- The statement is judged to be select username,password from table where id=("input") limit 0,1
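The four lessons above all reduce to the same defect: the request parameter is pasted straight into the SQL text, and the raw database error is echoed back, which is what lets the quoting style be read off the error message. The example below is added here and is not code from sqli-labs or from this write-up. It rebuilds the three statement shapes inferred for Less-1 to Less-3 against an in-memory SQLite table (the table name `users`, its rows, and the use of SQLite instead of MySQL are assumptions), shows that a lone quote turns into a syntax error in every spliced form, and places the parameterized, non-leaking version beside it.

```python
import re
import sqlite3

# Constructed sample rows standing in for the lab's user table (assumption).
SAMPLE_ROWS = [(1, "Dumb", "Dumb"), (2, "Angelina", "I-kill-you"), (3, "Dummy", "p@ssword")]

# Statement shapes inferred in the write-up. __ID__ marks where the raw
# request parameter is spliced in.  Less-4's double-quoted form is omitted
# because SQLite reads "..." as an identifier first, unlike MySQL.
TEMPLATES = {
    "less1": "SELECT username, password FROM users WHERE id = '__ID__' LIMIT 0,1",
    "less2": "SELECT username, password FROM users WHERE id = __ID__ LIMIT 0,1",
    "less3": "SELECT username, password FROM users WHERE id = ('__ID__') LIMIT 0,1",
}


def make_db():
    """In-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_unsafe(conn, style, user_input):
    """The vulnerable pattern: the parameter becomes part of the SQL text.

    Returns ("row", row_or_None) or ("error", message).  A stray quote makes
    the string literal unterminated in every quoted template; in the unquoted
    one a backslash is an unrecognised token.  Note SQLite has no backslash
    escapes inside string literals, so the \\ probe from the write-up only
    errors for the Less-2 shape here, whereas MySQL errors for all of them.
    """
    sql = TEMPLATES[style].replace("__ID__", user_input)
    try:
        return ("row", conn.execute(sql).fetchone())
    except sqlite3.Error as exc:
        return ("error", str(exc))


def lookup_safe(conn, user_input):
    """Hardened form: validate the shape of the id, then bind it as a parameter.

    Quotes, backslashes and parentheses in the input can never reach the SQL
    parser, so there is no syntax error for an error message to reveal.
    """
    if not re.fullmatch(r"[0-9]{1,9}", user_input):
        return ("row", None)
    row = conn.execute(
        "SELECT username, password FROM users WHERE id = ? LIMIT 0,1",
        (int(user_input),),
    ).fetchone()
    return ("row", row)


def render(result):
    """What the client should see: database errors are logged, never echoed."""
    kind, payload = result
    if kind == "error":
        print("server log: database error: %s" % payload)  # keep detail server-side
        return "Something went wrong."
    if payload is None:
        return "No user found."
    return "Welcome, %s." % payload[0]


if __name__ == "__main__":
    db = make_db()
    for style in TEMPLATES:
        for value in ("1", "1'", "1\\"):
            print(style, repr(value), lookup_unsafe(db, style, value))
    for value in ("2", "2'", "2\\"):
        print("safe", repr(value), render(lookup_safe(db, value)))
```

Running the block prints, for each inferred template, which probe inputs produce a database error and which return a row, and then shows that the parameterized lookup answers every input with either the matching user or "No user found." and never a parser error.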