Sqli-labs (16) (Order by injection)

46th Pass:

Http://www.bubuko.com/infodetail-2481914.html There's an article here that's pretty good to see.

This is an injection in the back of order by, with the error injection and the blinds are all possible

Read the source first.

You can see that there is an injection vulnerability following the order by.

Input? sort=1 ' page error, you can use the error injection

The process behind it is no different from the flow of previous error injections.

? Sort=1 and Extractvalue (1,concat (0x7e,user ()))--+

You can also use Updatexml ()

Here, by the way, the blinds flow.

1. The Blind of the Boolean type

Input Sort=rand (True)--+ and Sort=rand (false)--+ page display is not the same, this is because true=1 false=0

Then the input? Sort=rand (ASCII (substr (User ()), +)) >64)--+

The result of the page is similar to rand (TRUE), stating ...

The back will not go on.

2. Time-Based Blinds

Sort=1 and (if (ASCII ((substr (select database () limit 0,1) =115), Sleep (5), 1)) –+

Not much to say.

47th Pass:

As with the 46th, it's just a character injection.

48th Pass:

This is not an error message, using the above-mentioned blind can be.

49th Pass:
The page does not change, using time-based blinds.

50th Pass:

Similar to the 48-pass, except that the Execute SQL statement uses the Mysqli_multi_query () function, which executes multiple SQL statements, so

Stack injection can be used after order by, integral type

51st Pass:

Stack injection can be used after order by, character type

52nd Pass:

Similar to the 49th level, the use of time-based blinds can also be stacked into integer type

53rd Pass:

Similar to the 49th level, the use of time-based blinds can also be stacked into the character type

Sqli-labs (16) (Order by injection)