Catalog

One 、 Introduce ：

Two 、 principle ：

3、 ... and 、 Prerequisite

Four 、 Use process

One 、 Introduce ：

Is the simplest injection method

Joint query injection   Error reporting query injection   Boolean Injection   Delay Injection   Stack query Injection

Two 、 principle ：

It is a collection of results that can merge multiple queries , seeing the name of a thing one thinks of its function , Is to append one table to another table , So as to realize the combination of query results .

---

stay URL In the parameter position of , Inject the constructed statement into the parameter position

select （ Original query content ） union select （ The content of the structure ）

3、 ... and 、 Prerequisite

① There are injection points , That is, it is not filtered

② There are display bits , The result can be echoed

③ The number of columns in the two tables is the same , namely order by or union select To judge column Count

④ Same data type

Four 、 Use process

1、 Determine if there is an injection point

（1） Modify the parameter value at the parameter position ,eg：id=1 It is amended as follows 2 Whether the data changes after

（2） Insert sheet 、 Detection method of double quotation marks （ Commonly used ）, Unclosed single quotation marks cause SQL Statement single quotation mark unclosed error prompt

---

2、 Determine whether the injection point is plastic or character

（1） Digital ： adopt and 1=1

（2） String type ： Closed single quotation mark test statement 'and'1'='1 Judge

---

3、 Determine the number of query Columns

order by or union select

---

4、 Judge the display bit

Error echo , Use the nonexistent id=-1 add union select……

perhaps and1=2 add union select……

---

The following are all through the error report , Construct the information to be found in the display bit

5、 Get all database names

6、 Get all the table names in the database

7、 Get field name

8、 Get the data in the field