There are many examples and statements on the web that are manually injected into SQL, and it is worthwhile to learn that manual injection can help us understand the relationship between the website and the database, and also understand why the use of injected statements can find the website vulnerability.
Because I am a novice, injection statement is not familiar with, I this is the note points found in the hand note, and then use SQLMAP implementation injection, to obtain the Administrator account password.
Website: http://www.xxxxxx.com/info.php
When we use? Id=1 or? id=2, the site Introduction section has changed. Then we found the point.
The next step is to use SQLMAP automated scanning
1. Find injection points) (you can also use Sqlmap to find points)
2. Discovery of the use of id=1 ', possibly an injection point
3. Run to database information mysql5.0.11
4.-dbs command to find the database
5. Discovery of 3 databases
6. Stopwatch
7.12 Tables
8. Run the Administrator table
9. There are 4 information to view ID pwd UID
10. Run out of username and password MD5
A SQL injection to a real site ——— sqlmap use