Zhangxiaobai's way of penetration (VIII) - detailed operation steps of SQL injection - Boolean blind injection of blind injection

Boolean SQL Blind note

Bull's blind note , seeing the name of a thing one thinks of its function , It is a technique of blind injection using logical judgment .
Simply put, we can't see the returned value , We can only crack the database by guessing

Before analyzing an instance , Let's briefly explain the functions to be used

• left(database(),1)=‘s’ //left function

  explain: left(a,b) Take... From the left a Before b position

• ascii(substr(database(),1,1))=114 //ascii function ,substr function explain: substr(a,b,c) from b Position start , Intercepting string a Of c length .
  ascii() Convert a character to ascii value .

example

We use it sqli-labs-Less5 To demonstrate
In the initial interface, we will be prompted to enter the parameter Id The numerical

The input parameter results are as follows
Try entering a symbolic closing statement
It was found that there was no error , We try to query the number of columns and finally determine that there are 3 Column
You can continue to query playload The location of

I can't find out , The page has no change compared with the normal interface , At this time, we thought of Boolean blind note （ ok , I read the source code analysis ）

We
adopt left function , Guess the database name
Keep going through n This operation can finally get the database data you want on the Notepad

ps: you 're right , Boolean blind note is so light