metinfo_5.0.4 Boolean blind injection script Network disk link Extraction code: dx2o Boolean blind injection judgment basis successful request http://10.9.47.148/metinfo_5.0.4/about/show.php?lang=cn&id=22 and 1=1 failed request http://10.9.47.148/metinfo_5.0.4/about/show.php?lang=cn&id=22 and 1=2 Using blind injection script Startup script python metinfo_booleanBasedBlind.py Explode database name and table name Enter the target IP and automatically blast the current database name and […]
Tag: blind
LINUX Talk (Spend 10 minutes to learn blind box knowledge points) (perror, O_CREAT|O_RDWR, S_IRWXU, lseek, dup, system, struct stat statbuf, regular file bits)
OK friends, without further ado, let's take a look at the code below! First question: if(fd1< 0) { perror("open :"); printf("errno is:%d \n",errno); This code is used to handle the situation where the file fails to open: The open() function will return a non-negative file descriptor when the file is successfully opened, and -1 […]
NewStarCTF2023week4-midsql (Using binary search to implement time blind injection attack)
After a rough test, I found that the spaces were filtered. Use inline comments /**/ to bypass, it works 1'/**/-- + Use ? to replace spaces, or 1'?-- + Testing again found that the equal sign was also filtered, we used like instead (I initially thought that and was filtered, but it was not. If […]
sqli-labs level 5 (blind error reporting based on single quotes enclosed by get submission) ideas for passing the level
Article directory Preface 1. Review the knowledge points from previous levels 2. Knowledge you need to know about the fifth level of the shooting range 1. What is blind injection? 2. How many categories is blind injection divided into? 3. Related functions used for error injection 3. Ideas for the fifth level of the […]
MySQL Sqli-labs less5 blind injection
Reference: Sqli-labs less 5: https://www.cnblogs.com/lcamry/p/6122257.html 12 types of error injection + universal statements: https://www.jianshu.com/p/bc35f8dd4f7c Common functions in SQL injection: https://www.jianshu.com/p/146cabe5959d sqli-labs-Less5 Learn about various error injections: https://blog.csdn.net/rfrder/article/details/108674217 https://blog.csdn.net/m0_47470899/article/details/118695774 https://blog.csdn.net/like98k/article/details/79436463 Detailed explanation of double query injection: https://blog.csdn.net/Leep0rt/article/details/78556440 principle: The function comes from the xiaodi day 16 document: like ‘ro%’ #Judge whether ro or ro… is true […]
Bugku sql injection Boolean-based SQL blind injection classic question where information filtering
Table of Contents Bypass spaces /**/Bypass () bypass Enter to bypass ·(key button) bypass equal sign bypass Bypass, (comma) use substr There are basic bypasses below Comment bypass /**/Bypass #Bypass /*Comment content*/Bypass //comment bypass Case bypass Bypass information filtering Simple blast table name bugku Boolean-based SQL blind injection_bugku Boolean-based SQL blind injection-CSDN blog The questions […]
Reproduction of python script for sql blind injection
SQL injection blind injection operation Recently, when I was studying SQL injection, I was more interested in the gameplay of blind injection. I wrote some python scripts about blind injection. This environment is for the eighth level of sqlilabs. Similar modifications can be made in other scenarios. 1. Exploding database length payload:' and length(database())={}-- […]
Complete steps for time blind injection using python script
Article directory 1. Get the database name length 2. Get the database name 3. Get the total length of the table name 4. Get the table name 5. Get the total length of the specified table column name 6. Get the column name of the specified table 7. Obtain the total length of data in […]
SQL manual blind injection – error echo
Software used: phpstudy (MySQL5.7.26, PHP5.3.29), sqli-labs shooting range, Burp Suite, Google Chrome, win11 Functions used for error reporting and echoing updatexml() extractvalue() Shooting range drill Step 1 – Determine whether to use single quotes or double quotes. Step 2 – Guess the column name Step 3 – Blind injection using extractvalue() function Step 4 – […]
Memory Exploitation: Late Blindless and Inescapable Exit Vulnerabilities
0x01 Preface In the field of computer security, the danger of a vulnerability is often closely related to its breadth and potential attack methods. Today we’ll take a deep dive into an incredibly dangerous vulnerability that exists in a common function called “exit” that is executed when a program exits. Whether in the operating system […]