55th Pass:
Similar to the previous one, but the patchwork method is different, so we need to first determine how the background is pieced together
Enter id=1 '--+ id=1 "--+ id= ')--+ id=1")--+ id=1)--+
Found only id=1)--+ can be displayed normally, indicating that the parentheses are closed with the number type.
The following process is the same.
56th, 57 Sekiya and the same as before, except that the SQL is closed in a different way
58th Pass:
Similar to the above, just need to be injected with an error
Input? id=-1 ' Union Select Extractvalue (1,concat (0x7e, (select GROUP_CONCAT (table_name) from Information_schema.tables Where table_schema= ' challenges '), 0x7e)) –+
59th and 60 are also error injection
One is a numeric type and one is a double quote.
61st Pass:
Error injected with two parentheses
62nd, 63, 64, 65 are blind and splicing is not the same way.
Sqli-labs (18)