Php injection: 10 basic steps

Source: Neeao

1. Determine whether injection exists, add; and 1 = 1; and 1 = 2
2. Determine the version and ord (mid (version (), 4.0)> 51/*. If the returned result is normal, the version is later than. You can use union to query
3. Use the order by violence field and add order by 10/* after the URL. If the returned result is normal, the field is greater than 10.
4. Use union to query accurate fields, for example, and 1 = 2 union select 1, 2, 3,.../* until the return result is normal, indicating that the number of accurate fields is guessed. If spaces are filtered, use/**/instead.
5. determine whether the database connection account has the write permission, and (select count (*) from mysql. user)> 0/* if an error is returned, we can only guess the Administrator account and password.
6. if the returned result is normal, use and 1 = 2 union select 1, 2, 3, 4, 5, 6, load_file (char (ascii values of the file path, separated by commas, 10/* Note: load_file (char (ascii values of the file path, separated by commas) can also be written in hexadecimal notation. In this way, the configuration file can be read and the database connection can be found.
7. First, guess the user table, for example, and 1 = 2 union select 1, 2, 3, 4, 5, 6... from user/*. If the returned result is normal, the table exists.
8. if you know the table, you can guess the field, and 1 = 2 union select 1, username, 3, 4, 5, 6 .... from user/* If field content is displayed in Field 2, some fields exist.
9. In the same way, I guess the password field again. I guess the password is successfully found and then log on to the background.
10. log on to the background and upload the shell.