46th Pass:
Http://www.bubuko.com/infodetail-2481914.html There's an article here that's pretty good to see.
This is an injection in the back of order by, with the error injection and the blinds are all possible
Read the source first.
You can see that there is an injection vulnerability following the order by.
Input? sort=1 ' page error, you can use the error injection
The process behind it is no different from the flow of previous error injections.
? Sort=1 and Extractvalue (1,concat (0x7e,user ()))--+
You can also use Updatexml ()
Here, by the way, the blinds flow.
1. The Blind of the Boolean type
Input Sort=rand (True)--+ and Sort=rand (false)--+ page display is not the same, this is because true=1 false=0
Then the input? Sort=rand (ASCII (substr (User ()), +)) >64)--+
The result of the page is similar to rand (TRUE), stating ...
The back will not go on.
2. Time-Based Blinds
Sort=1 and (if (ASCII ((substr (select database () limit 0,1) =115), Sleep (5), 1)) –+
Not much to say.
47th Pass:
As with the 46th, it's just a character injection.
48th Pass:
This is not an error message, using the above-mentioned blind can be.
49th Pass:
The page does not change, using time-based blinds.
50th Pass:
Similar to the 48-pass, except that the Execute SQL statement uses the Mysqli_multi_query () function, which executes multiple SQL statements, so
Stack injection can be used after order by, integral type
51st Pass:
Stack injection can be used after order by, character type
52nd Pass:
Similar to the 49th level, the use of time-based blinds can also be stacked into integer type
53rd Pass:
Similar to the 49th level, the use of time-based blinds can also be stacked into the character type
Sqli-labs (16) (Order by injection)