sqli-labs:less-13/14
2021-08-31 21:38
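Less-13 and Less-14 are nearly identical, so we use Less-13 as the example.
Like Less-12, it is a login page.
Testing it the same way as Less-12 produces an error, so the character we injected is probably the wrong one.
Testing the passwd field shows an unclosed parenthesis, so the input is probably wrapped as ('').
Injecting ') in the admin field gets through. So the only difference between this level and Less-12 is the closing characters.
Now look at Less-14.
At this point updatexml or extractvalue can be used for error-based injection.
Vulnerability analysis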
```php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Less-13- Double Injection- String- with twist</title>
</head>

<body bgcolor="#000000">
<div style=" margin-top:20px;color:#FFF; font-size:24px; text-align:center"> Welcome <font color="#FF0000"> Dhakkan </font><br></div>
<div align="center" style="margin:40px 0px 0px 520px;border:20px; background-color:#0CF; text-align:center; width:400px; height:150px;">
<div style="padding-top:10px; font-size:15px;">

<!--Form to post the data for sql injections Error based SQL Injection-->
<form action="" name="form1" method="post">
  <div style="margin-top:15px; height:30px;">Username :
    <input type="text" name="uname" value=""/>
  </div>
  <div> Password :
    <input type="text" name="passwd" value=""/>
  </div></br>
  <div style=" margin-top:9px;margin-left:90px;">
    <input type="submit" name="submit" value="Submit" />
  </div>
</form>
</div></div>

<div style=" margin-top:10px;color:#FFF; font-size:23px; text-align:center">
<font size="6" color="#FFFF00">

<?php
//including the Mysql connect parameters.
include("../sql-connections/sql-connect.php");
error_reporting(0);

// take the variables
if(isset($_POST['uname']) && isset($_POST['passwd']))
{
    $uname=$_POST['uname'];
    $passwd=$_POST['passwd'];

    //logging the connection parameters to a file for analysis.
    $fp=fopen('result.txt','a');
    fwrite($fp,'User Name:'.$uname."\n");
    fwrite($fp,'Password:'.$passwd."\n");
    fclose($fp);

    // connectivity
    @$sql="SELECT username, password FROM users WHERE username=('$uname') and password=('$passwd') LIMIT 0,1";
    $result=mysql_query($sql);
    $row = mysql_fetch_array($result);

    if($row)
    {
        //echo '<font color= "#0000ff">';
        echo "<br>";
        echo '<font color= "#FFFF00" font size = 4>';
        //echo " You Have successfully logged in " ;
        echo '<font size="3" color="#0000ff">';
        echo "<br>";
        //echo 'Your Login name:'. $row['username'];
        //echo "<br>";
        //echo 'Your Password:' .$row['password'];
        //echo "<br>";
        echo "</font>";
        echo "<br>";
        echo "<br>";
        echo '<img src="../images/flag.jpg" />';
        echo "</font>";
    }
    else
    {
        echo '<font color= "#0000ff" font size="3">';
        //echo "Try again looser";
        print_r(mysql_error());
        echo "</br>";
        echo "</br>";
        echo "</br>";
        echo '<img src="../images/slap.jpg" />';
        echo "</font>";
    }
}
?>

</font>
</div>
</body>
</html>
```
So levels 11, 12, 13 and 14 all turn out to be the same thing ......
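The source above pastes `uname` and `passwd` between `('` and `')` and prints `mysql_error()` on failure, which is why the `')` input breaks the query and why error-based injection works. As an added example (not part of the original post and not sqli-labs code), the same query pattern is shown beside a prepared-statement version that treats the input as data and keeps database errors on the server. Assumptions: an in-memory SQLite database via PDO stands in for the lab's MySQL, and the function names and the `alice` row are constructed for illustration.

```php
<?php
// Added example, not sqli-labs code. SQLite in memory stands in for the lab's
// MySQL database; the users row below is constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (username TEXT, password TEXT)");
$pdo->exec("INSERT INTO users VALUES ('alice', 's3cret')");

// Less-13 pattern: input is pasted between (' and '), and the database error
// text is handed back to the caller (the lab does print_r(mysql_error())).
function login_concat(PDO $pdo, string $uname, string $passwd): string
{
    $sql = "SELECT username, password FROM users "
         . "WHERE username=('$uname') and password=('$passwd') LIMIT 0,1";
    try {
        $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        return 'db error shown to client: ' . $e->getMessage();
    }
    return $row ? 'login ok' : 'login failed';
}

// Hardened form: placeholders keep input out of the SQL text, so the wrapping
// ('...') versus ("...") no longer matters; errors go to the server log only.
function login_prepared(PDO $pdo, string $uname, string $passwd): string
{
    try {
        $stmt = $pdo->prepare(
            'SELECT username FROM users WHERE username = ? AND password = ? LIMIT 1'
        );
        $stmt->execute([$uname, $passwd]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        error_log('login query failed: ' . $e->getMessage());
        return 'login failed';
    }
    return $row ? 'login ok' : 'login failed';
}

// A normal login and the ') input from the walkthrough, sent to both handlers.
foreach (["alice", "')"] as $uname) {
    printf("%-6s concat:   %s\n", $uname, login_concat($pdo, $uname, 's3cret'));
    printf("%-6s prepared: %s\n", $uname, login_prepared($pdo, $uname, 's3cret'));
}
```

A production handler would also store password hashes and compare them with `password_verify()`, and would not write submitted passwords to a file as the lab's `result.txt` logging does.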