当前位置:网站首页>SQL injection -day15

SQL injection -day15

2022-07-07 03:43:00 kanna_ bush_ t

3、 ... and 、Mysql Inject

3.1 necessary

3.1.1 Meta database  information_schema

Meta database information_schema in :
A table for storing database information :schemata
schemata In the table :
Field schema_name Store all Database name ;
A table that stores table information :tables
tables In the table
Field table_name Store all table names
Field table_schema The name of the database where all tables are stored ;
A table that stores all field information :columns
columns In the table
Field column_name Store all field names ,
Field table_name The table name where all fields are stored ,
Field table_schema The name of the database where all fields are stored ;

a. information_schema In the database tables What's in the table : 

b. infomation_schema database columns What's in the table :

3.1.2 Sentence classification

  • DQL( Data query language ): Query statement , be-all select sentence
  • DML( Data operation language )insert , delete , update , On the table data Conduct Additions and deletions
  • DDL( Data definition language )create , drop , alter Counter table structure Of Additions and deletions
  • TCL( Transaction control language )commit Submit data ,rollback Undo Data Transaction
  • DCL( Data control language )grant to grant authorization ,revoke Revocation of authority, etc

3.1.3 Basic statement

Check the library :

  • show databases;
  • select schema_name from information_schema.schemata;
Building database :
  • create database + Library name ;
Delete library :
  • drop database + Library name ;
Access to database :
  • use + Library name ;
Look up the table :
  • show tables;
  • select table_name from information_schema.tables where table_schema='securit
  • select table_name from information_schema.tables where table_schema=database Basic functions
List :
  • select * from users;
  • select column_name from information_schema.columns where table_name='users'
Check field :
  • select username,password from security.users;

 3.1.4  Basic functions

Database installation 、 route , user Information
version()
Mysql Database version
database()
 Current database name
user()
 The user name of the database
current_user()
 Current user name
session_user()
 The user name of the database connected to
system_user()
 System user name
@@datadir()
 Storage path of database file
@@version_compile_os
 Operating system version
@@basedir
 Database installation directory
String length 、 Intercept
length()
 Returns the length of the string
substring(a,b,c)
 Intercepting string
substr(a,b,c)
 Intercepting string
mid(a,b,c)
 Intercepting string
Three parameters :a. Intercepted string b. Intercept start position c. length
left(a,b)
Take... From the left a Before b position , Correct return 1, Erroneous return 0
Special handling of strings
ord()
return ASCII code
ascii('a')
Alphabet a Convert to ASCII value
rand()
return 0~1 Between random floating-point numbers
round()
 Returns the latest integer value
md5()
 return MD5 value
hex()
 Converts a string to hexadecimal
unhex()
hex() Reverse operation of
floor(x)
 Return is no greater than x Maximum integer for
load_file()
Read the file , Returns the contents of the file as a string
sleep(a)
 A dead sleep a second
if(true,t,f)
The judgment sentence is true , Execute the first , Otherwise, the second
find_in_set()
Returns the position of the string in the string list
benchmark()
 Specifies the number of times the statement is executed
name_const()
 Return table as result

 3.1.5 Import data

  When you want to import a more Or you want to execute in batches sql When the sentence is , have access to mysql Medium source

Usage method :source + File path ( Direct drag )
原网站

版权声明
本文为[kanna_ bush_ t]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/02/202202130828121796.html

边栏推荐

猜你喜欢

随机推荐