What is mysql error injection?
In mysql, error injection refers to constructing appropriate statements to obtain the desired data through the error information reported on the page; if the application system does not close the database error function, you can use the extractvalue() function to obtain the desired data from the target Returns a string containing the queried value in XML.
The operating environment of this tutorial: windows10 system, mysql8.0.22 version, Dell G3 computer.
What is mysql error injection?
1. What is error injection? And under what circumstances is it used?
Error injection can also be said to be a kind of blind injection------construct the payload so that the information is echoed through the error prompt. You can consider using error injection when joint query cannot reveal the obvious position.
So how is error injection formed?
First of all, the application system has not closed the database error reporting function. For some SQL statement errors, it is directly echoed on the page, and some even directly leak the database name and table name;
Secondly , it is essential that the corresponding error reporting function of MySQL is not filtered in the background.
2. Commonly used functions for error reporting
Here I use the extractvalue() function, whose function is to extract the value from the target Returns a string containing the queried value in XML
EXTRACTVALUE (XML_document, XPath_string): The first parameter: XML_document is in String format, which is the name of the XML document object; The second parameter: String)
3. Basic process
1. Obtain version information
Use the statement 1' and extractvalue(1,concat(0x7e,(select @@version), 0x7e))-- . Among them, concat is the parameter in concatenation (), and 0x7e is the ~ symbol after decoding. -- is the comment character, comment out all subsequent statements in the source code to avoid errors. The results after the test are as follows:
//The 1 before concat is the first parameter of the extractvalue() function, which can be replaced by any number
// The second 0x7e in the statement can be omitted
2. Get the database name
Use the statement
1‘ and extractvalue(1,concat(0x7e,(select database()),0x7e))--+,
3. Get the table name
1’ and extractvalue(1,concat(0x7e,(select group_concat(table_name) from information_schema.tables where table_schema='security'),0x7e))--+. 其中group_concat将tale_name字段的所有行放在一行上显示出来,如下所示
4. Get the data
1' and extractvalue(1,concat(0x7e,(select * from (select username from users limit 0,1) as a),0x7e))--+. 修改其中的limit参数即可获取users表中的不同行内容
Recommended Learning: mysql video tutorial
The above is the detailed content of What is mysql error injection?. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1387
52
How to open phpmyadmin
Apr 10, 2025 pm 10:51 PM
You can open phpMyAdmin through the following steps: 1. Log in to the website control panel; 2. Find and click the phpMyAdmin icon; 3. Enter MySQL credentials; 4. Click "Login".
MySQL: An Introduction to the World's Most Popular Database
Apr 12, 2025 am 12:18 AM
MySQL is an open source relational database management system, mainly used to store and retrieve data quickly and reliably. Its working principle includes client requests, query resolution, execution of queries and return results. Examples of usage include creating tables, inserting and querying data, and advanced features such as JOIN operations. Common errors involve SQL syntax, data types, and permissions, and optimization suggestions include the use of indexes, optimized queries, and partitioning of tables.
How to use single threaded redis
Apr 10, 2025 pm 07:12 PM
Redis uses a single threaded architecture to provide high performance, simplicity, and consistency. It utilizes I/O multiplexing, event loops, non-blocking I/O, and shared memory to improve concurrency, but with limitations of concurrency limitations, single point of failure, and unsuitable for write-intensive workloads.
MySQL's Place: Databases and Programming
Apr 13, 2025 am 12:18 AM
MySQL's position in databases and programming is very important. It is an open source relational database management system that is widely used in various application scenarios. 1) MySQL provides efficient data storage, organization and retrieval functions, supporting Web, mobile and enterprise-level systems. 2) It uses a client-server architecture, supports multiple storage engines and index optimization. 3) Basic usages include creating tables and inserting data, and advanced usages involve multi-table JOINs and complex queries. 4) Frequently asked questions such as SQL syntax errors and performance issues can be debugged through the EXPLAIN command and slow query log. 5) Performance optimization methods include rational use of indexes, optimized query and use of caches. Best practices include using transactions and PreparedStatemen
Why Use MySQL? Benefits and Advantages
Apr 12, 2025 am 12:17 AM
MySQL is chosen for its performance, reliability, ease of use, and community support. 1.MySQL provides efficient data storage and retrieval functions, supporting multiple data types and advanced query operations. 2. Adopt client-server architecture and multiple storage engines to support transaction and query optimization. 3. Easy to use, supports a variety of operating systems and programming languages. 4. Have strong community support and provide rich resources and solutions.
Monitor Redis Droplet with Redis Exporter Service
Apr 10, 2025 pm 01:36 PM
Effective monitoring of Redis databases is critical to maintaining optimal performance, identifying potential bottlenecks, and ensuring overall system reliability. Redis Exporter Service is a powerful utility designed to monitor Redis databases using Prometheus. This tutorial will guide you through the complete setup and configuration of Redis Exporter Service, ensuring you seamlessly build monitoring solutions. By studying this tutorial, you will achieve fully operational monitoring settings
How to view sql database error
Apr 10, 2025 pm 12:09 PM
The methods for viewing SQL database errors are: 1. View error messages directly; 2. Use SHOW ERRORS and SHOW WARNINGS commands; 3. Access the error log; 4. Use error codes to find the cause of the error; 5. Check the database connection and query syntax; 6. Use debugging tools.
How to connect to the database of apache
Apr 13, 2025 pm 01:03 PM
Apache connects to a database requires the following steps: Install the database driver. Configure the web.xml file to create a connection pool. Create a JDBC data source and specify the connection settings. Use the JDBC API to access the database from Java code, including getting connections, creating statements, binding parameters, executing queries or updates, and processing results.
