sqli-labs walkthrough notes: Less-1 to Less-20, approach for each level

1. Data is echoed back: enumerate the databases, the tables, the columns, and the column values

Less-1 through Less-3 all return an error when a single quote is entered.

Less-1: string-based injection with a single quote

http://127.0.0.1/sqli-labs/Less-1/?id=1'

SELECT * FROM users WHERE id='1'' LIMIT 0,1

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1'' LIMIT 0,1' at line 1

Less-2: Boolean-based injection

http://127.0.0.1/sqli-labs/Less-2/?id=1'

SELECT * FROM users WHERE id=1' LIMIT 0,1

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' LIMIT 0,1' at line 1

Less-3: string-based injection with ')

http://127.0.0.1/sqli-labs/Less-3/?id=1'

SELECT * FROM users WHERE id=('1'') LIMIT 0,1

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1'') LIMIT 0,1' at line 1

A double quote triggers an error, and data is echoed back.

Less-4: string-based injection with ")

With a single quote, the page shows no error message.

http://127.0.0.1/sqli-labs/Less-4/?id=1'

With a double quote, the page reports an error.

http://127.0.0.1/sqli-labs/Less-4/?id=1"

SELECT * FROM users WHERE id=("1"") LIMIT 0,1

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"1"") LIMIT 0,1' at line 1
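
The four quoting contexts above, reproduced as an added example that is not part of the original notes: Python's sqlite3 stands in for the lab's PHP/MySQL stack, the table rows are constructed, and the function names are hypothetical. It shows why each concatenated query breaks on a stray quote while a bound parameter treats the same input as plain data.

```python
import sqlite3

# Query shapes shown in the notes for Less-1..Less-4; {} is where the id lands.
TEMPLATES = {
    "Less-1": "SELECT * FROM users WHERE id='{}' LIMIT 0,1",
    "Less-2": "SELECT * FROM users WHERE id={} LIMIT 0,1",
    "Less-3": "SELECT * FROM users WHERE id=('{}') LIMIT 0,1",
    "Less-4": 'SELECT * FROM users WHERE id=("{}") LIMIT 0,1',
}

def make_db():
    """In-memory stand-in for the lab database (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "pw1"), (2, "bob", "pw2")])
    return db

def run_concatenated(db, lesson, user_id):
    """Vulnerable pattern: the input becomes part of the SQL text."""
    sql = TEMPLATES[lesson].format(user_id)
    try:
        return ("rows", db.execute(sql).fetchall())
    except sqlite3.Error as exc:
        return ("sql-error", str(exc))

def run_parameterized(db, user_id):
    """Hardened pattern: the input is bound as a value, never parsed as SQL."""
    try:
        sql = "SELECT * FROM users WHERE id = ? LIMIT 0,1"
        return ("rows", db.execute(sql, (user_id,)).fetchall())
    except sqlite3.Error as exc:
        return ("sql-error", str(exc))

if __name__ == "__main__":
    db = make_db()
    for lesson in TEMPLATES:
        quote = '"' if lesson == "Less-4" else "'"
        print(lesson, run_concatenated(db, lesson, "1" + quote)[0],
              run_parameterized(db, "1" + quote))
```

The error text SQLite produces differs from the MySQL messages quoted in the notes; the point is only that the quote changes the statement's syntax in the concatenated form and not in the bound form.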

2. No data is echoed back: blind injection, guessing the database, the tables, the columns, and the column values

Less-5: error-echo injection, string-based with '

http://127.0.0.1/sqli-labs/Less-5/?id=1'

SELECT * FROM users WHERE id='1'' LIMIT 0,1

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1'' LIMIT 0,1' at line 1

Correct input displays data.

Incorrect input displays no data.

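Less-6: error-echo injection, string-based with "
Less-7: file read/write injection
Less-8: blind injection with ' (using DNS echo)
Less-9: time-based blind injection with '
Less-10: time-based blind injection with "
Less-11: POST injection with '
Less-12: POST injection with ")
Less-13: error-echo injection with ')
Less-14: error-echo injection with "
Less-15: POST injection with ' (using DNS echo)
Less-16: POST injection with ' (using DNS echo)
Less-17: error-based injection in the password field with '
Less-18: error-based injection in the User-Agent: header with '
Less-19: error-based injection in the Referer: header with '
Less-20: error-based injection in the Cookie: header with '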

 

posted @ 2021-11-18 11:12  冰雪2021