Lesson 62 GET - challenge - Blind - 130 queries allowed - Variation 1
由此看出,尝试次数为130次,肯定就是盲注,但是真的一次次试,肯定不行,这里就看一下id值包裹情况,具体尝试不再展示。
(1)id值
http://192.168.3.254/sqli-labs-master/Less-62/?id=1
显示正常。Id值被单引号和括号包裹
Lesson 62结束
Lesson 63 GET - challenge - Blind - 130 queries allowed - Variation 2
(1)id值
http://192.168.3.254/sqli-labs-master/Less-63/?id=1
显示正常,id值被单引号包裹
Lesson 63结束
Lesson 64 GET - challenge - Blind - 130 queries allowed - Variation 3
(1)id值
http://192.168.3.254/sqli-labs-master/Less-64/?id=1
显示正常,id值被两个括号包裹
Lesson 64结束
Lesson 65 GET - challenge - Blind - 130 queries allowed - Variation 4
(1)id值
http://192.168.3.254/sqli-labs-master/Less-65/?id=1
显示正常,id值被双引号和括号包裹
Lesson 65结束