1. SQL injection target attack
First build a virtual machine and scan the current network segment with kali
Scan ports with nmap
Open the webpage provided by the virtual machine
Add a quotation mark after id=2, and the webpage reports an error. The website has a sql injection vulnerability
Use the order by statement to try out the number of columns in the background database table of the website. When order by 5, the webpage reports an error, so the query involves four column elements
Use a federated query to view the display position of a web page
Get the display bit to display the name of the database photoblog
Get the database name, you can follow the clues to query those tables in the database
Three columns of elements are available
View the data in the user table