This article is only for the network security Exchange study, is prohibited for illegal use, otherwise the consequence is self-esteemI. How to bulk find SQL injection (Tools + resources are packaged): Http://www.liuwx.cn/post-149.html
1.SQL injection Point Search keyword collection: http://blog.sina.com.cn/s/blog_6910b7580101ci62.html
Google SQL keyword: https://www.exehack.net/779.html
2. I test out the better use of the keyword: inurl:common.asp?id= inurl:asp?id=
3.URL Collector is always deactivated in WIN10, set compatibility to xp:http://jingyan.baidu.com/article/7e440953dc4b6e2fc0e2efdc.html
4. The completion of the acquisition will automatically generate TXT files, such as the Red box section
Two. Penetration Testing tools Sqlmap Basic Tutorial: http://blog.csdn.net/zgyulongfei/article/details/41017493
Three. MD5 Decryption website: http://www.dmd5.com/md5-decrypter.jsp
1. Copy and paste the MD5 cipher below the password in step two
Four. Use the sword to sweep out the background login address
Five. Login background upload Chinese kitchen knife: http://www.maicaidao.co/
SQL Injection Beginner Tutorial