随笔分类 - SQL
摘要:This is an exercise which similar to real penetration test so it's valuable. Since I studied the writeup, I decide to write it down. So open the websi
阅读全文
摘要:Uhh.. Today when I was thinking about the problems in sqli-labs, I asked myself: can you operate MySQL in cmd? My answer is no hahahaha So this is a t
阅读全文
摘要:首先还是按照流程来走,先看是什么闭合 /?id=1' 报错,于是就知道是单引号闭合了 后面按照less1234的流程来走就行不通了,于是需要考虑别的注入方法,于是引出今日主题:报错注入 报错注入的原理是通过回显错误信息来获得我们需要的重要信息 报错注入有挺多的,但是本例使用的是floor()向下取整
阅读全文
摘要:0x00 sql注入是怎么回事呢 sql注入是怎么回事呢?sql相信大家都很熟悉,但是sql注入是怎么回事呢,下面就让小编带大家一起了解吧。 sql注入,其实就是sql注入,大家可能会很惊讶sql怎么会注入呢?但事实就是这样,小编也感到非常惊讶。 这就是关于sql注入的事情了,大家有什么想法呢,欢迎
阅读全文
摘要:0x00 前言 学习了一些基础sql知识之后,开始着手进行sql注入,这部分考虑到用词好像比较严谨一点转回中文来写XD 英语不过关是那样的 0x01 注入前戏 开射之前总得来丶前戏,先来个id=1看看有啥效果先 正常回显,然后按照别人思路(毕竟一开始不会很正常别尬黑),先尝试单引号看看有没有闭合错误
阅读全文
摘要:0x00 What we learned before? We have learned how to select particular rows or columns and how to select particular data by the combination of rows and
阅读全文
摘要:I use phpstudy to set a php+Mysql+Apache environment for the sqli-labs. The first step is to download the sqli-labs-master.zip from the official websi
阅读全文
摘要:0x00 What we learned yesterday? We've learned how to add data or insert data into a table. Then we learned how to select all data of a table and renew
阅读全文
摘要:0x00 XD So the day before yesterday we've learned how to create a database and create a table. Today we will learn how to load data into our tables. 0
阅读全文
摘要:0x00 What we have learned yesterday? We've learned what is SQL and it's main features. We've also learned how to create a new database and select it.
阅读全文
摘要:0x00 前言 SQL注入,听起来就高级,疫情那会儿就想搞了,结果搞半天搞不明白,这次工作室选拔赛的SQL注入题目一个没做,面试还被面试官问了^^,很丢人,所以准备从现在开始正儿八经学SQL注入。 SQL注入是一种高危漏洞,这个我都耳熟能详了,究竟高危在哪,原理是啥,一切问题都将在日后一一解答。 0
阅读全文
浙公网安备 33010602011771号