Microsoft SQL Server 2005-DVWA-SQL注入
[英]Microsoft SQL Server 2005 - DVWA - SQL Injection
问题描述
I am back again with another question regarding dvwa, I've upgraded to MsSQL 2005 this time, and I have another set of questions. 
我又回过头来关于dvwa的另一个问题,这次我已升级到MsSQL 2005,并且还有另外一组问题。 I don't understand a couple of things. 我不明白两件事。 I would like for some kind individual to make it clear to me. 我想让一个好心的人向我说清楚。
So basically, as usual - my goal is to obtain all databases from the DVWA, as well as escalate to the admin panel using manual injection techniques. 因此,基本上,像往常一样,我的目标是从DVWA中获取所有数据库,并使用手动注入技术升级到管理面板。
What I have so far is the database, but I am getting a little confused with the change in syntax. 到目前为止,我所拥有的是数据库,但是我对语法的更改感到有些困惑。 I asked the server to get the databases, and it returned me with the first database. 我要求服务器获取数据库,然后它向我返回了第一个数据库。 My query is as follows: 我的查询如下:
+
and+1=
convert
(
int,db_name()
)
--
My first question is - how can I edit this query so that I will be able to see all the databases, because from my knowledge, this query only drops the 1st database in the SQL data. 我的第一个问题是-如何编辑此查询,以便能够查看所有数据库,因为据我所知,此查询仅将SQL数据库中的第一个数据库删除。 Okay, my second question is, the first database that was dropped was "information", when I looked for the tables using this query: 好的,我的第二个问题是,当我使用此查询查找表时,删除的第一个数据库是“信息”:
+
and+1=
convert
(
int,
(
select+top+1+table_name+from+information_schema.tables
)
)
--
It returned the first table of that database. 它返回了该数据库的第一个表。 Firstly, lets say I have more than the first database, how can I change this query to get the tables for whatever that database name would be. 首先,可以说我的数据库比第一个数据库多,该如何更改此查询以获取该数据库名称将为哪个表。 Secondly, the table it returned was tbl_info_id. 其次,它返回的表是tbl_info_id。
Take note, the server is running IIS 6.0, on coldfusion. 请注意,服务器在Coldfusion上正在运行IIS 6.0。 As I am aware, to request the next table from that database I would have to create a query such as this one: 据我所知,要从该数据库请求下一张表,我将不得不创建一个查询,例如:
+
and+1=
convert
(
int,
(
select+top+1+table_name+from+
information_schema.tables+where+table_name+not+in('tbl_info_id')
)
)
--
How come when I write it, the server responds with: 当我写它时,服务器如何响应:
[SQLServer]Incorrect syntax near 'tbl_info_id'.
That's all, if anyone can explain all this to me, it would be greatly appreciated! 就是这样,如果有人可以向我解释所有这些内容,将不胜感激! Cheers. 干杯。
1 个解决方案
解决方案1
0 已采纳 2014-02-10 17:14:41
There are two things wrong with this: 这有两点错误:
convert
(
int,
(
select+top+1+table_name+from+
information_schema.tables+where+table_name+not+in('tbl_info_id')
)
)
The first is the plus signs. 首先是加号。 Replace them with single spaces. 用单个空格替换它们。
The second is that you are attempting to convert a non-numeric string to an integer. 第二个是您正在尝试将非数字字符串转换为整数。 That will not compute. 那将无法计算。
Regarding logic, your prose says that you want database names, but your code is looking for tablenames. 关于逻辑,您的散文说您想要数据库名称,但是您的代码正在寻找表名称。 If you want database names, do this: 如果需要数据库名称,请执行以下操作:
select name
from sys.databases
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.